Update all locales with the latest Transifex translations

Money!

.github/dependabot.yml

@@ -0,0 +1,13 @@
+version: 2
+updates:
+
+  - package-ecosystem: "bundler"
+    directory: "/"
+    schedule:
+      interval: "daily"
+    open-pull-requests-limit: 10
+
+  - package-ecosystem: "npm"
+    directory: "/"
+    schedule:
+      interval: "daily"

.github/workflows/brakeman-analysis.yml

@@ -0,0 +1,44 @@
+# This workflow integrates Brakeman with GitHub's Code Scanning feature
+# Brakeman is a static analysis security vulnerability scanner for Ruby on Rails applications
+
+name: Brakeman Scan
+
+# This section configures the trigger for the workflow. Feel free to customize depending on your convention
+on:
+  push:
+    branches: [ "master" ]
+  pull_request:
+    branches: [ "master" ]
+
+jobs:
+  brakeman-scan:
+    name: Brakeman Scan
+    runs-on: ubuntu-latest
+    steps:
+    # Checkout the repository to the GitHub Actions runner
+    - name: Checkout
+      uses: actions/checkout@v2
+
+    # Customize the ruby version depending on your needs
+    - name: Setup Ruby
+      uses: actions/setup-ruby@v1
+      with:
+        ruby-version: '2.7'
+
+    - name: Setup Brakeman
+      env:
+        BRAKEMAN_VERSION: '4.10' # SARIF support is provided in Brakeman version 4.10+
+      run: |
+        gem install brakeman --version $BRAKEMAN_VERSION
+
+    # Execute Brakeman CLI and generate a SARIF output with the security issues identified during the analysis
+    - name: Scan
+      continue-on-error: true
+      run: |
+        brakeman -f sarif -o output.sarif.json .
+
+    # Upload the SARIF file generated in the previous step
+    - name: Upload SARIF
+      uses: github/codeql-action/upload-sarif@v1
+      with:
+        sarif_file: output.sarif.json

.rubocop_manual_todo.yml

@@ -66,8 +66,9 @@ Layout/LineLength:
   - app/models/spree/image.rb
   - app/models/spree/order.rb
   - app/models/spree/payment_method.rb
-  - app/models/spree/product_decorator.rb
+  - app/models/spree/product.rb
   - app/models/spree/user.rb
+  - app/models/spree/variant.rb
   - app/models/subscription.rb
   - app/models/variant_override.rb
   - app/models/variant_override_set.rb
@@ -336,6 +337,7 @@ Metrics/AbcSize:
   - app/controllers/admin/enterprises_controller.rb
   - app/controllers/admin/order_cycles_controller.rb
   - app/controllers/admin/product_import_controller.rb
+  - app/controllers/admin/resource_controller.rb
   - app/controllers/admin/stripe_accounts_controller.rb
   - app/controllers/admin/subscription_line_items_controller.rb
   - app/controllers/admin/subscriptions_controller.rb
@@ -356,13 +358,13 @@ Metrics/AbcSize:
   - app/controllers/spree/admin/payments_controller.rb
   - app/controllers/spree/admin/products_controller.rb
   - app/controllers/spree/admin/reports_controller.rb
-  - app/controllers/spree/admin/resource_controller.rb
   - app/controllers/spree/admin/search_controller.rb
   - app/controllers/spree/admin/taxons_controller.rb
   - app/controllers/spree/admin/users_controller.rb
   - app/controllers/spree/admin/variants_controller.rb
   - app/controllers/spree/credit_cards_controller.rb
   - app/controllers/spree/orders_controller.rb
+  - app/controllers/spree/paypal_controller_decorator.rb
   - app/controllers/spree/user_passwords_controller.rb
   - app/controllers/spree/user_registrations_controller.rb
   - app/controllers/spree/users_controller.rb
@@ -399,11 +401,12 @@ Metrics/AbcSize:
   - app/models/spree/preference.rb
   - app/models/spree/preferences/preferable_class_methods.rb
   - app/models/spree/preferences/preferable.rb
-  - app/models/spree/product_decorator.rb
+  - app/models/spree/product.rb
   - app/models/spree/return_authorization.rb
   - app/models/spree/shipment.rb
   - app/models/spree/taxon.rb
   - app/models/spree/tax_rate.rb
+  - app/models/spree/variant.rb
   - app/models/spree/zone.rb
   - app/serializers/api/product_serializer.rb
   - app/serializers/api/variant_serializer.rb
@@ -530,7 +533,7 @@ Metrics/CyclomaticComplexity:
   - app/models/spree/preference.rb
   - app/models/spree/preferences/preferable.rb
   - app/models/spree/preferences/preferable_class_methods.rb
-  - app/models/spree/product_decorator.rb
+  - app/models/spree/product.rb
   - app/models/spree/return_authorization.rb
   - app/models/spree/zone.rb
   - app/models/variant_override_set.rb
@@ -550,39 +553,6 @@ Metrics/CyclomaticComplexity:
 Metrics/PerceivedComplexity:
   Max: 7
   Exclude:
-  - app/controllers/admin/enterprise_fees_controller.rb
-  - app/controllers/admin/enterprises_controller.rb
-  - app/controllers/spree/admin/taxons_controller.rb
-  - app/controllers/spree/orders_controller.rb
-  - app/helpers/checkout_helper.rb
-  - app/helpers/order_cycles_helper.rb
-  - app/helpers/spree/admin/base_helper.rb
-  - app/helpers/spree/admin/navigation_helper.rb
-  - app/models/enterprise.rb
-  - app/models/enterprise_relationship.rb
-  - app/models/spree/ability.rb
-  - app/models/spree/address.rb
-  - app/models/spree/order/checkout.rb
-  - app/models/spree/payment_method.rb
-  - app/models/spree/payment.rb
-  - app/models/spree/preferences/preferable.rb
-  - app/models/spree/preferences/preferable_class_methods.rb
-  - app/models/spree/product_decorator.rb
-  - app/models/spree/return_authorization.rb
-  - app/models/spree/zone.rb
-  - app/models/variant_override_set.rb
-  - app/services/cart_service.rb
-  - engines/order_management/app/services/order_management/reports/bulk_coop/bulk_coop_report.rb
-  - engines/order_management/app/services/order_management/stock/estimator.rb
-  - lib/active_merchant/billing/gateways/stripe_payment_intents.rb
-  - lib/discourse/single_sign_on.rb
-  - lib/open_food_network/enterprise_issue_validator.rb
-  - lib/spree/core/calculated_adjustments.rb
-  - lib/spree/core/controller_helpers/order.rb
-  - lib/spree/core/controller_helpers/respond_with.rb
-  - lib/spree/core/controller_helpers/ssl.rb
-  - lib/spree/localized_number.rb
-  - spec/models/product_importer_spec.rb
   - app/controllers/admin/enterprises_controller.rb
   - app/controllers/api/variants_controller.rb
   - app/controllers/spree/admin/taxons_controller.rb
@@ -595,7 +565,10 @@ Metrics/PerceivedComplexity:
   - app/models/spree/address.rb
   - app/models/spree/order/checkout.rb
   - app/models/spree/order.rb
-  - app/models/spree/product_decorator.rb
+  - app/models/spree/preferences/preferable_class_methods.rb
+  - app/models/spree/preferences/preferable.rb
+  - app/models/spree/product.rb
+  - app/models/spree/return_authorization.rb
   - app/models/spree/zone.rb
   - engines/order_management/app/services/order_management/reports/bulk_coop/bulk_coop_report.rb
   - engines/order_management/app/services/order_management/stock/estimator.rb
@@ -618,6 +591,7 @@ Metrics/MethodLength:
   - app/controllers/admin/enterprises_controller.rb
   - app/controllers/admin/manager_invitations_controller.rb
   - app/controllers/admin/order_cycles_controller.rb
+  - app/controllers/admin/resource_controller.rb
   - app/controllers/admin/stripe_accounts_controller.rb
   - app/controllers/admin/subscriptions_controller.rb
   - app/controllers/api/products_controller.rb
@@ -632,13 +606,13 @@ Metrics/MethodLength:
   - app/controllers/spree/admin/payments_controller.rb
   - app/controllers/spree/admin/products_controller.rb
   - app/controllers/spree/admin/reports_controller.rb
-  - app/controllers/spree/admin/resource_controller.rb
   - app/controllers/spree/admin/tax_categories_controller.rb
   - app/controllers/spree/admin/taxons_controller.rb
   - app/controllers/spree/admin/users_controller.rb
   - app/controllers/spree/admin/variants_controller.rb
   - app/controllers/spree/credit_cards_controller.rb
   - app/controllers/spree/orders_controller.rb
+  - app/controllers/spree/paypal_controller_decorator.rb
   - app/controllers/spree/user_sessions_controller.rb
   - app/controllers/stripe/callbacks_controller.rb
   - app/controllers/user_confirmations_controller.rb
@@ -670,11 +644,13 @@ Metrics/MethodLength:
   - app/models/spree/preferences/preferable_class_methods.rb
   - app/models/spree/preferences/preferable.rb
   - app/models/spree/preferences/store.rb
+  - app/models/spree/product.rb
   - app/models/spree/product_decorator.rb
   - app/models/spree/return_authorization.rb
   - app/models/spree/shipment.rb
   - app/models/spree/taxon.rb
   - app/models/spree/tax_rate.rb
+  - app/models/spree/variant.rb
   - app/models/spree/zone.rb
   - app/serializers/api/admin/order_cycle_serializer.rb
   - app/serializers/api/cached_enterprise_serializer.rb
@@ -732,6 +708,7 @@ Metrics/ClassLength:
   Exclude:
   - app/controllers/admin/enterprises_controller.rb
   - app/controllers/admin/order_cycles_controller.rb
+  - app/controllers/admin/resource_controller.rb
   - app/controllers/admin/schedules_controller.rb
   - app/controllers/admin/subscriptions_controller.rb
   - app/controllers/api/products_controller.rb
@@ -741,7 +718,6 @@ Metrics/ClassLength:
   - app/controllers/spree/admin/payment_methods_controller.rb
   - app/controllers/spree/admin/products_controller.rb
   - app/controllers/spree/admin/reports_controller.rb
-  - app/controllers/spree/admin/resource_controller.rb
   - app/controllers/spree/admin/users_controller.rb
   - app/controllers/spree/orders_controller.rb
   - app/models/enterprise.rb
@@ -755,8 +731,10 @@ Metrics/ClassLength:
   - app/models/spree/line_item.rb
   - app/models/spree/order.rb
   - app/models/spree/payment.rb
+  - app/models/spree/product.rb
   - app/models/spree/shipment.rb
   - app/models/spree/user.rb
+  - app/models/spree/variant.rb
   - app/models/spree/zone.rb
   - app/serializers/api/cached_enterprise_serializer.rb
   - app/serializers/api/enterprise_shopfront_serializer.rb

.rubocop_todo.yml

@@ -1,6 +1,6 @@
 # This configuration was generated by
 # `rubocop --auto-gen-config --exclude-limit 1400`
-# on 2020-10-30 17:18:53 +0000 using RuboCop version 0.81.0.
+# on 2020-11-05 11:27:59 +0000 using RuboCop version 0.81.0.
 # The point is for the user to remove these configuration records
 # one by one as the offenses are removed from the code base.
 # Note that changes in the inspected code, or installation of new
@@ -27,13 +27,6 @@ Lint/UselessAccessModifier:
     - 'app/services/mail_configuration.rb'
     - 'lib/open_food_network/feature_toggle.rb'
 
-# Offense count: 2
-Lint/UselessAssignment:
-  Exclude:
-    - 'spec/**/*'
-    - 'app/models/spree/taxon.rb'
-    - 'lib/spree/core/controller_helpers/common.rb'
-
 # Offense count: 10
 Naming/AccessorMethodName:
   Exclude:
@@ -60,7 +53,7 @@ Naming/MemoizedInstanceVariableName:
     - 'app/mailers/producer_mailer.rb'
     - 'lib/open_food_network/address_finder.rb'
 
-# Offense count: 24
+# Offense count: 25
 # Configuration parameters: NamePrefix, ForbiddenPrefixes, AllowedMethods, MethodDefinitionMacros.
 # NamePrefix: is_, has_, have_
 # ForbiddenPrefixes: is_, has_, have_
@@ -72,6 +65,7 @@ Naming/PredicateName:
     - 'app/models/enterprise.rb'
     - 'app/models/enterprise_relationship.rb'
     - 'app/models/order_cycle.rb'
+    - 'app/models/spree/ability.rb'
     - 'app/models/spree/adjustment.rb'
     - 'app/models/spree/credit_card.rb'
     - 'app/models/spree/line_item.rb'
@@ -125,7 +119,7 @@ Rails/Delegate:
     - 'app/models/spree/line_item.rb'
     - 'engines/order_management/app/services/order_management/reports/bulk_coop/renderers/html_renderer.rb'
 
-# Offense count: 16
+# Offense count: 15
 # Configuration parameters: EnforcedStyle.
 # SupportedStyles: slashes, arguments
 Rails/FilePath:
@@ -139,7 +133,6 @@ Rails/FilePath:
     - 'spec/factories/product_factory.rb'
     - 'spec/features/admin/enterprises/images_spec.rb'
     - 'spec/models/content_configuration_spec.rb'
-    - 'spec/models/spree/variant_spec.rb'
     - 'spec/serializers/api/admin/enterprise_serializer_spec.rb'
     - 'spec/support/downloads_helper.rb'
 
@@ -163,7 +156,7 @@ Rails/FindEach:
   Exclude:
     - 'app/models/spree/shipment.rb'
 
-# Offense count: 9
+# Offense count: 11
 # Configuration parameters: Include.
 # Include: app/models/**/*.rb
 Rails/HasAndBelongsToMany:
@@ -172,12 +165,14 @@ Rails/HasAndBelongsToMany:
     - 'app/models/enterprise.rb'
     - 'app/models/enterprise_group.rb'
     - 'app/models/spree/line_item.rb'
+    - 'app/models/spree/option_value.rb'
     - 'app/models/spree/role.rb'
     - 'app/models/spree/shipping_method.rb'
     - 'app/models/spree/user.rb'
+    - 'app/models/spree/variant.rb'
     - 'app/models/spree/zone.rb'
 
-# Offense count: 38
+# Offense count: 41
 # Configuration parameters: Include.
 # Include: app/models/**/*.rb
 Rails/HasManyOrHasOneDependent:
@@ -197,7 +192,7 @@ Rails/HasManyOrHasOneDependent:
     - 'app/models/spree/shipping_method.rb'
     - 'app/models/spree/taxonomy.rb'
     - 'app/models/spree/user.rb'
-    - 'app/models/spree/variant_decorator.rb'
+    - 'app/models/spree/variant.rb'
     - 'app/models/subscription.rb'
 
 # Offense count: 84
@@ -272,13 +267,13 @@ Rails/ReflectionClassName:
     - 'app/models/spree/order.rb'
     - 'app/models/subscription.rb'
 
-# Offense count: 247
+# Offense count: 250
 # Configuration parameters: Blacklist, Whitelist.
 # Blacklist: decrement!, decrement_counter, increment!, increment_counter, toggle!, touch, update_all, update_attribute, update_column, update_columns, update_counters
 Rails/SkipsModelValidations:
   Exclude:
+    - 'app/controllers/admin/resource_controller.rb'
     - 'app/controllers/spree/admin/payment_methods_controller.rb'
-    - 'app/controllers/spree/admin/resource_controller.rb'
     - 'app/controllers/spree/admin/shipping_methods_controller.rb'
     - 'app/controllers/spree/admin/taxons_controller.rb'
     - 'app/controllers/spree/orders_controller.rb'
@@ -294,10 +289,12 @@ Rails/SkipsModelValidations:
     - 'app/models/spree/inventory_unit.rb'
     - 'app/models/spree/order.rb'
     - 'app/models/spree/payment.rb'
+    - 'app/models/spree/product.rb'
     - 'app/models/spree/shipment.rb'
     - 'app/models/spree/shipping_method.rb'
     - 'app/models/spree/tax_category.rb'
     - 'app/models/spree/taxonomy.rb'
+    - 'app/models/spree/variant.rb'
     - 'app/models/spree/zone.rb'
     - 'app/models/subscription.rb'
     - 'app/models/variant_override.rb'
@@ -440,14 +437,12 @@ Style/FormatStringToken:
     - 'lib/open_food_network/sales_tax_report.rb'
     - 'spec/features/admin/bulk_order_management_spec.rb'
 
-# Offense count: 765
+# Offense count: 760
 # Cop supports --auto-correct.
 # Configuration parameters: EnforcedStyle.
 # SupportedStyles: always, always_true, never
 Style/FrozenStringLiteralComment:
   Exclude:
-    - 'Gemfile'
-    - 'Rakefile'
     - 'app/controllers/admin/bulk_line_items_controller.rb'
     - 'app/controllers/admin/column_preferences_controller.rb'
     - 'app/controllers/admin/contents_controller.rb'
@@ -518,7 +513,6 @@ Style/FrozenStringLiteralComment:
     - 'app/controllers/spree/admin/products_controller.rb'
     - 'app/controllers/spree/admin/properties_controller.rb'
     - 'app/controllers/spree/admin/reports_controller.rb'
-    - 'app/controllers/spree/admin/resource_controller.rb'
     - 'app/controllers/spree/admin/return_authorizations_controller.rb'
     - 'app/controllers/spree/admin/search_controller.rb'
     - 'app/controllers/spree/admin/shipping_categories_controller.rb'
@@ -635,16 +629,10 @@ Style/FrozenStringLiteralComment:
     - 'app/models/spree/gateway/migs.rb'
     - 'app/models/spree/gateway/pin.rb'
     - 'app/models/spree/gateway/stripe_connect.rb'
-    - 'app/models/spree/option_type_decorator.rb'
     - 'app/models/spree/preferences/file_configuration.rb'
-    - 'app/models/spree/price_decorator.rb'
-    - 'app/models/spree/product_decorator.rb'
-    - 'app/models/spree/product_option_type_decorator.rb'
-    - 'app/models/spree/product_property_decorator.rb'
     - 'app/models/spree/product_set.rb'
     - 'app/models/spree/property.rb'
     - 'app/models/spree/user.rb'
-    - 'app/models/spree/variant_decorator.rb'
     - 'app/models/stripe_account.rb'
     - 'app/models/subscription.rb'
     - 'app/models/subscription_line_item.rb'
@@ -725,7 +713,6 @@ Style/FrozenStringLiteralComment:
     - 'app/validators/date_time_string_validator.rb'
     - 'app/validators/distributors_validator.rb'
     - 'app/validators/integer_array_validator.rb'
-    - 'config.ru'
     - 'engines/order_management/app/controllers/order_management/application_controller.rb'
     - 'engines/order_management/app/services/order_management/reports/enterprise_fee_summary/authorizer.rb'
     - 'engines/order_management/app/services/order_management/reports/enterprise_fee_summary/data_representations/coordinator_fee.rb'
@@ -750,29 +737,11 @@ Style/FrozenStringLiteralComment:
     - 'engines/order_management/app/services/reports/permissions.rb'
     - 'engines/order_management/app/services/reports/renderers/base.rb'
     - 'engines/order_management/app/services/reports/report_data/base.rb'
-    - 'engines/order_management/config/routes.rb'
-    - 'engines/order_management/lib/order_management.rb'
-    - 'engines/order_management/lib/order_management/engine.rb'
-    - 'engines/order_management/lib/order_management/version.rb'
-    - 'engines/order_management/order_management.gemspec'
-    - 'engines/order_management/spec/services/order_management/reports/enterprise_fee_summary/authorizer_spec.rb'
-    - 'engines/order_management/spec/services/order_management/reports/enterprise_fee_summary/parameters_spec.rb'
-    - 'engines/order_management/spec/services/order_management/reports/enterprise_fee_summary/permissions_spec.rb'
-    - 'engines/order_management/spec/services/order_management/reports/enterprise_fee_summary/renderers/csv_renderer_spec.rb'
-    - 'engines/order_management/spec/services/order_management/reports/enterprise_fee_summary/renderers/html_renderer_spec.rb'
-    - 'engines/order_management/spec/services/order_management/reports/enterprise_fee_summary/report_data/enterprise_fee_type_total_spec.rb'
-    - 'engines/order_management/spec/services/order_management/reports/enterprise_fee_summary/report_service_spec.rb'
     - 'engines/web/app/controllers/web/angular_templates_controller.rb'
     - 'engines/web/app/controllers/web/api/cookies_consent_controller.rb'
     - 'engines/web/app/controllers/web/application_controller.rb'
     - 'engines/web/app/helpers/web/cookies_policy_helper.rb'
-    - 'engines/web/config/routes.rb'
-    - 'engines/web/lib/web.rb'
     - 'engines/web/lib/web/cookies_consent.rb'
-    - 'engines/web/lib/web/engine.rb'
-    - 'engines/web/lib/web/version.rb'
-    - 'engines/web/spec/helpers/cookies_policy_helper_spec.rb'
-    - 'engines/web/web.gemspec'
     - 'lib/discourse/single_sign_on.rb'
     - 'lib/open_food_network/address_finder.rb'
     - 'lib/open_food_network/available_payment_method_filter.rb'
@@ -849,370 +818,8 @@ Style/FrozenStringLiteralComment:
     - 'lib/tasks/sample_data/user_factory.rb'
     - 'lib/tasks/specs.rake'
     - 'lib/tasks/users.rake'
-    - 'spec/controllers/admin/bulk_line_items_controller_spec.rb'
-    - 'spec/controllers/admin/column_preferences_controller_spec.rb'
-    - 'spec/controllers/admin/customers_controller_spec.rb'
-    - 'spec/controllers/admin/enterprises_controller_spec.rb'
-    - 'spec/controllers/admin/inventory_items_controller_spec.rb'
-    - 'spec/controllers/admin/manager_invitations_controller_spec.rb'
-    - 'spec/controllers/admin/order_cycles_controller_spec.rb'
-    - 'spec/controllers/admin/proxy_orders_controller_spec.rb'
-    - 'spec/controllers/admin/schedules_controller_spec.rb'
-    - 'spec/controllers/admin/stripe_accounts_controller_spec.rb'
-    - 'spec/controllers/admin/stripe_connect_settings_controller_spec.rb'
-    - 'spec/controllers/admin/subscription_line_items_controller_spec.rb'
-    - 'spec/controllers/admin/subscriptions_controller_spec.rb'
-    - 'spec/controllers/admin/tag_rules_controller_spec.rb'
-    - 'spec/controllers/admin/variant_overrides_controller_spec.rb'
-    - 'spec/controllers/api/base_controller_spec.rb'
-    - 'spec/controllers/api/customers_controller_spec.rb'
-    - 'spec/controllers/api/enterprise_fees_controller_spec.rb'
-    - 'spec/controllers/api/enterprises_controller_spec.rb'
-    - 'spec/controllers/api/logos_controller_spec.rb'
-    - 'spec/controllers/api/order_cycles_controller_spec.rb'
-    - 'spec/controllers/api/orders_controller_spec.rb'
-    - 'spec/controllers/api/product_images_controller_spec.rb'
-    - 'spec/controllers/api/products_controller_spec.rb'
-    - 'spec/controllers/api/promo_images_controller_spec.rb'
-    - 'spec/controllers/api/shipments_controller_spec.rb'
-    - 'spec/controllers/api/statuses_controller_spec.rb'
-    - 'spec/controllers/api/taxonomies_controller_spec.rb'
-    - 'spec/controllers/api/taxons_controller_spec.rb'
-    - 'spec/controllers/api/terms_and_conditions_controller_spec.rb'
-    - 'spec/controllers/api/variants_controller_spec.rb'
-    - 'spec/controllers/base_controller_spec.rb'
-    - 'spec/controllers/cart_controller_spec.rb'
-    - 'spec/controllers/checkout_controller_spec.rb'
-    - 'spec/controllers/enterprises_controller_spec.rb'
-    - 'spec/controllers/groups_controller_spec.rb'
-    - 'spec/controllers/line_items_controller_spec.rb'
-    - 'spec/controllers/registration_controller_spec.rb'
-    - 'spec/controllers/shop_controller_spec.rb'
-    - 'spec/controllers/shops_controller_spec.rb'
-    - 'spec/controllers/spree/admin/adjustments_controller_spec.rb'
-    - 'spec/controllers/spree/admin/base_controller_spec.rb'
-    - 'spec/controllers/spree/admin/general_settings_controller_spec.rb'
-    - 'spec/controllers/spree/admin/invoices_controller_spec.rb'
-    - 'spec/controllers/spree/admin/mail_methods_controller_spec.rb'
-    - 'spec/controllers/spree/admin/orders/customer_details_controller_spec.rb'
-    - 'spec/controllers/spree/admin/orders_controller_spec.rb'
-    - 'spec/controllers/spree/admin/overview_controller_spec.rb'
-    - 'spec/controllers/spree/admin/payment_methods_controller_spec.rb'
-    - 'spec/controllers/spree/admin/products_controller_spec.rb'
-    - 'spec/controllers/spree/admin/reports_controller_spec.rb'
-    - 'spec/controllers/spree/admin/search_controller_spec.rb'
-    - 'spec/controllers/spree/admin/shipping_methods_controller_spec.rb'
-    - 'spec/controllers/spree/admin/users_controller_spec.rb'
-    - 'spec/controllers/spree/admin/variants_controller_spec.rb'
-    - 'spec/controllers/spree/credit_cards_controller_spec.rb'
-    - 'spec/controllers/spree/orders_controller_spec.rb'
-    - 'spec/controllers/spree/user_sessions_controller_spec.rb'
-    - 'spec/controllers/spree/users_controller_spec.rb'
-    - 'spec/controllers/stripe/callbacks_controller_spec.rb'
-    - 'spec/controllers/stripe/webhooks_controller_spec.rb'
-    - 'spec/controllers/user_confirmations_controller_spec.rb'
-    - 'spec/controllers/user_passwords_controller_spec.rb'
-    - 'spec/controllers/user_registrations_controller_spec.rb'
-    - 'spec/factories.rb'
-    - 'spec/factories/address_factory.rb'
-    - 'spec/factories/calculated_adjustment_factory.rb'
-    - 'spec/factories/calculator_factory.rb'
-    - 'spec/factories/enterprise_factory.rb'
-    - 'spec/factories/order_cycle_factory.rb'
-    - 'spec/factories/order_factory.rb'
-    - 'spec/factories/product_factory.rb'
-    - 'spec/factories/return_authorization_factory.rb'
-    - 'spec/factories/shipment_factory.rb'
-    - 'spec/factories/shipping_method_factory.rb'
-    - 'spec/factories/state_factory.rb'
-    - 'spec/factories/stock_movement_factory.rb'
-    - 'spec/factories/subscription_factory.rb'
-    - 'spec/factories/tag_rule_factory.rb'
-    - 'spec/factories/user_factory.rb'
-    - 'spec/factories/variant_factory.rb'
-    - 'spec/features/admin/adjustments_spec.rb'
-    - 'spec/features/admin/authentication_spec.rb'
-    - 'spec/features/admin/bulk_order_management_spec.rb'
-    - 'spec/features/admin/bulk_product_update_spec.rb'
-    - 'spec/features/admin/configuration/content_spec.rb'
-    - 'spec/features/admin/configuration/general_settings_spec.rb'
-    - 'spec/features/admin/configuration/mail_methods_spec.rb'
-    - 'spec/features/admin/configuration/states_spec.rb'
-    - 'spec/features/admin/configuration/tax_categories_spec.rb'
-    - 'spec/features/admin/configuration/tax_rates_spec.rb'
-    - 'spec/features/admin/configuration/taxonomies_spec.rb'
-    - 'spec/features/admin/configuration/zones_spec.rb'
-    - 'spec/features/admin/customers_spec.rb'
-    - 'spec/features/admin/enterprise_fees_spec.rb'
-    - 'spec/features/admin/enterprise_groups_spec.rb'
-    - 'spec/features/admin/enterprise_relationships_spec.rb'
-    - 'spec/features/admin/enterprise_roles_spec.rb'
-    - 'spec/features/admin/enterprise_user_spec.rb'
-    - 'spec/features/admin/enterprises/index_spec.rb'
-    - 'spec/features/admin/enterprises_spec.rb'
-    - 'spec/features/admin/external_services_spec.rb'
-    - 'spec/features/admin/multilingual_spec.rb'
-    - 'spec/features/admin/overview_spec.rb'
-    - 'spec/features/admin/payment_method_spec.rb'
-    - 'spec/features/admin/payments_spec.rb'
-    - 'spec/features/admin/product_import_spec.rb'
-    - 'spec/features/admin/products_spec.rb'
-    - 'spec/features/admin/reports/packing_report_spec.rb'
-    - 'spec/features/admin/reports_spec.rb'
-    - 'spec/features/admin/schedules_spec.rb'
-    - 'spec/features/admin/shipping_methods_spec.rb'
-    - 'spec/features/admin/subscriptions_spec.rb'
-    - 'spec/features/admin/tag_rules_spec.rb'
-    - 'spec/features/admin/tax_settings_spec.rb'
-    - 'spec/features/admin/users_spec.rb'
-    - 'spec/features/admin/variant_overrides_spec.rb'
-    - 'spec/features/admin/variants_spec.rb'
-    - 'spec/features/consumer/account/cards_spec.rb'
-    - 'spec/features/consumer/account/settings_spec.rb'
-    - 'spec/features/consumer/account_spec.rb'
-    - 'spec/features/consumer/authentication_spec.rb'
-    - 'spec/features/consumer/confirm_invitation_spec.rb'
-    - 'spec/features/consumer/footer_links_spec.rb'
-    - 'spec/features/consumer/groups_spec.rb'
-    - 'spec/features/consumer/multilingual_spec.rb'
-    - 'spec/features/consumer/producers_spec.rb'
-    - 'spec/features/consumer/registration_spec.rb'
-    - 'spec/features/consumer/shopping/cart_spec.rb'
-    - 'spec/features/consumer/shopping/checkout_auth_spec.rb'
-    - 'spec/features/consumer/shopping/checkout_paypal_spec.rb'
-    - 'spec/features/consumer/shopping/checkout_spec.rb'
-    - 'spec/features/consumer/shopping/embedded_groups_spec.rb'
-    - 'spec/features/consumer/shopping/embedded_shopfronts_spec.rb'
-    - 'spec/features/consumer/shopping/orders_spec.rb'
-    - 'spec/features/consumer/shopping/products_spec.rb'
-    - 'spec/features/consumer/shopping/shopping_spec.rb'
-    - 'spec/features/consumer/shopping/variant_overrides_spec.rb'
-    - 'spec/features/consumer/shops_spec.rb'
-    - 'spec/features/consumer/sitemap_spec.rb'
-    - 'spec/helpers/admin/orders_helper_spec.rb'
-    - 'spec/helpers/admin/subscriptions_helper_spec.rb'
-    - 'spec/helpers/checkout_helper_spec.rb'
-    - 'spec/helpers/enterprises_helper_spec.rb'
-    - 'spec/helpers/groups_helper_spec.rb'
-    - 'spec/helpers/html_helper_spec.rb'
-    - 'spec/helpers/i18n_helper_spec.rb'
-    - 'spec/helpers/injection_helper_spec.rb'
-    - 'spec/helpers/navigation_helper_spec.rb'
-    - 'spec/helpers/order_cycles_helper_spec.rb'
-    - 'spec/helpers/serializer_helper_spec.rb'
-    - 'spec/helpers/shared_helper_spec.rb'
-    - 'spec/helpers/shop_helper_spec.rb'
-    - 'spec/helpers/spree/admin/base_helper_spec.rb'
-    - 'spec/helpers/spree/admin/orders_helper_spec.rb'
-    - 'spec/helpers/spree/orders_helper_spec.rb'
-    - 'spec/jobs/confirm_order_job_spec.rb'
-    - 'spec/jobs/confirm_signup_job_spec.rb'
-    - 'spec/jobs/heartbeat_job_spec.rb'
-    - 'spec/jobs/order_cycle_notification_job_spec.rb'
-    - 'spec/jobs/subscription_confirm_job_spec.rb'
-    - 'spec/jobs/subscription_placement_job_spec.rb'
-    - 'spec/jobs/welcome_enterprise_job_spec.rb'
-    - 'spec/lib/open_food_network/address_finder_spec.rb'
-    - 'spec/lib/open_food_network/customers_report_spec.rb'
-    - 'spec/lib/open_food_network/enterprise_fee_applicator_spec.rb'
-    - 'spec/lib/open_food_network/enterprise_fee_calculator_spec.rb'
-    - 'spec/lib/open_food_network/enterprise_issue_validator_spec.rb'
-    - 'spec/lib/open_food_network/error_logger_spec.rb'
-    - 'spec/lib/open_food_network/feature_toggle_spec.rb'
-    - 'spec/lib/open_food_network/group_buy_report_spec.rb'
-    - 'spec/lib/open_food_network/i18n_config_spec.rb'
-    - 'spec/lib/open_food_network/lettuce_share_report_spec.rb'
-    - 'spec/lib/open_food_network/order_and_distributor_report_spec.rb'
-    - 'spec/lib/open_food_network/order_cycle_form_applicator_spec.rb'
-    - 'spec/lib/open_food_network/order_cycle_management_report_spec.rb'
-    - 'spec/lib/open_food_network/order_cycle_permissions_spec.rb'
-    - 'spec/lib/open_food_network/order_grouper_spec.rb'
-    - 'spec/lib/open_food_network/orders_and_fulfillments_report/customer_totals_report_spec.rb'
-    - 'spec/lib/open_food_network/orders_and_fulfillments_report/distributor_totals_by_supplier_report_spec.rb'
-    - 'spec/lib/open_food_network/orders_and_fulfillments_report/supplier_totals_by_distributor_report_spec.rb'
-    - 'spec/lib/open_food_network/orders_and_fulfillments_report/supplier_totals_report_spec.rb'
-    - 'spec/lib/open_food_network/orders_and_fulfillments_report_spec.rb'
-    - 'spec/lib/open_food_network/packing_report_spec.rb'
-    - 'spec/lib/open_food_network/permissions_spec.rb'
-    - 'spec/lib/open_food_network/products_and_inventory_report_spec.rb'
-    - 'spec/lib/open_food_network/property_merge_spec.rb'
-    - 'spec/lib/open_food_network/referer_parser_spec.rb'
-    - 'spec/lib/open_food_network/sales_tax_report_spec.rb'
-    - 'spec/lib/open_food_network/scope_variant_to_hub_spec.rb'
-    - 'spec/lib/open_food_network/scope_variants_to_search_spec.rb'
-    - 'spec/lib/open_food_network/tag_rule_applicator_spec.rb'
-    - 'spec/lib/open_food_network/user_balance_calculator_spec.rb'
-    - 'spec/lib/open_food_network/users_and_enterprises_report_spec.rb'
-    - 'spec/lib/open_food_network/xero_invoices_report_spec.rb'
-    - 'spec/lib/spree/localized_number_spec.rb'
-    - 'spec/lib/stripe/account_connector_spec.rb'
-    - 'spec/lib/stripe/webhook_handler_spec.rb'
-    - 'spec/lib/tasks/enterprises_rake_spec.rb'
-    - 'spec/lib/tasks/users_rake_spec.rb'
-    - 'spec/mailers/enterprise_mailer_spec.rb'
-    - 'spec/mailers/producer_mailer_spec.rb'
-    - 'spec/mailers/subscription_mailer_spec.rb'
-    - 'spec/mailers/user_mailer_spec.rb'
-    - 'spec/models/adjustment_metadata_spec.rb'
-    - 'spec/models/calculator/flat_percent_item_total_spec.rb'
-    - 'spec/models/calculator/flat_percent_per_item_spec.rb'
-    - 'spec/models/calculator/flat_rate_spec.rb'
-    - 'spec/models/calculator/flexi_rate_spec.rb'
-    - 'spec/models/calculator/per_item_spec.rb'
-    - 'spec/models/calculator/price_sack_spec.rb'
-    - 'spec/models/calculator/weight_spec.rb'
-    - 'spec/models/column_preference_spec.rb'
-    - 'spec/models/concerns/order_shipment_spec.rb'
-    - 'spec/models/concerns/product_stock_spec.rb'
-    - 'spec/models/concerns/variant_stock_spec.rb'
-    - 'spec/models/content_configuration_spec.rb'
-    - 'spec/models/customer_spec.rb'
-    - 'spec/models/enterprise_caching_spec.rb'
-    - 'spec/models/enterprise_fee_spec.rb'
-    - 'spec/models/enterprise_group_spec.rb'
-    - 'spec/models/enterprise_relationship_spec.rb'
-    - 'spec/models/enterprise_spec.rb'
-    - 'spec/models/exchange_spec.rb'
-    - 'spec/models/model_set_spec.rb'
-    - 'spec/models/order_cycle_spec.rb'
-    - 'spec/models/product_import/entry_processor_spec.rb'
-    - 'spec/models/product_import/inventory_reset_strategy_spec.rb'
-    - 'spec/models/product_import/reset_absent_spec.rb'
-    - 'spec/models/product_import/settings_spec.rb'
-    - 'spec/models/product_importer_spec.rb'
-    - 'spec/models/proxy_order_spec.rb'
-    - 'spec/models/spree/ability_spec.rb'
-    - 'spec/models/spree/addresses_spec.rb'
-    - 'spec/models/spree/adjustment_spec.rb'
-    - 'spec/models/spree/calculator_spec.rb'
-    - 'spec/models/spree/classification_spec.rb'
-    - 'spec/models/spree/credit_card_spec.rb'
-    - 'spec/models/spree/gateway/stripe_connect_spec.rb'
-    - 'spec/models/spree/line_item_spec.rb'
-    - 'spec/models/spree/order/checkout_spec.rb'
-    - 'spec/models/spree/order_spec.rb'
-    - 'spec/models/spree/payment_method_spec.rb'
-    - 'spec/models/spree/payment_spec.rb'
-    - 'spec/models/spree/preferences/file_configuration_spec.rb'
-    - 'spec/models/spree/price_spec.rb'
-    - 'spec/models/spree/product_set_spec.rb'
-    - 'spec/models/spree/product_spec.rb'
-    - 'spec/models/spree/shipping_method_spec.rb'
-    - 'spec/models/spree/stock/availability_validator_spec.rb'
-    - 'spec/models/spree/tax_rate_spec.rb'
-    - 'spec/models/spree/user_spec.rb'
-    - 'spec/models/spree/variant_spec.rb'
-    - 'spec/models/stripe_account_spec.rb'
-    - 'spec/models/subscription_line_item_spec.rb'
-    - 'spec/models/subscription_spec.rb'
-    - 'spec/models/tag_rule/discount_order_spec.rb'
-    - 'spec/models/tag_rule/filter_order_cycles_spec.rb'
-    - 'spec/models/tag_rule/filter_payment_methods_spec.rb'
-    - 'spec/models/tag_rule/filter_products_spec.rb'
-    - 'spec/models/tag_rule/filter_shipping_methods_spec.rb'
-    - 'spec/models/tag_rule_spec.rb'
-    - 'spec/models/variant_override_spec.rb'
-    - 'spec/performance/injection_helper_spec.rb'
-    - 'spec/performance/orders_controller_spec.rb'
-    - 'spec/performance/shop_controller_spec.rb'
-    - 'spec/requests/checkout/failed_checkout_spec.rb'
-    - 'spec/requests/checkout/paypal_spec.rb'
-    - 'spec/requests/checkout/stripe_connect_spec.rb'
-    - 'spec/requests/embedded_shopfronts_headers_spec.rb'
-    - 'spec/requests/large_request_spec.rb'
-    - 'spec/serializers/api/admin/customer_serializer_spec.rb'
-    - 'spec/serializers/api/admin/enterprise_serializer_spec.rb'
-    - 'spec/serializers/api/admin/exchange_serializer_spec.rb'
-    - 'spec/serializers/api/admin/for_order_cycle/supplied_product_serializer_spec.rb'
-    - 'spec/serializers/api/admin/index_enterprise_serializer_spec.rb'
-    - 'spec/serializers/api/admin/order_cycle_serializer_spec.rb'
-    - 'spec/serializers/api/admin/product_serializer_spec.rb'
-    - 'spec/serializers/api/admin/subscription_customer_serializer_spec.rb'
-    - 'spec/serializers/api/admin/subscription_line_item_serializer_spec.rb'
-    - 'spec/serializers/api/admin/variant_override_serializer_spec.rb'
-    - 'spec/serializers/api/admin/variant_serializer_spec.rb'
-    - 'spec/serializers/api/cached_enterprise_serializer_spec.rb'
-    - 'spec/serializers/api/credit_card_serializer_spec.rb'
-    - 'spec/serializers/api/current_order_serializer_spec.rb'
-    - 'spec/serializers/api/enterprise_serializer_spec.rb'
-    - 'spec/serializers/api/enterprise_shopfront_list_serializer_spec.rb'
-    - 'spec/serializers/api/enterprise_shopfront_serializer_spec.rb'
-    - 'spec/serializers/api/group_list_serializer_spec.rb'
-    - 'spec/serializers/api/order_cycle_serializer_spec.rb'
-    - 'spec/serializers/api/order_serializer_spec.rb'
-    - 'spec/serializers/api/product_serializer_spec.rb'
-    - 'spec/serializers/api/shipping_method_serializer_spec.rb'
-    - 'spec/serializers/api/variant_serializer_spec.rb'
-    - 'spec/services/bulk_invoice_service_spec.rb'
-    - 'spec/services/cart_service_spec.rb'
-    - 'spec/services/default_shipping_category_spec.rb'
-    - 'spec/services/default_stock_location_spec.rb'
-    - 'spec/services/embedded_page_service_spec.rb'
-    - 'spec/services/exchange_products_renderer_spec.rb'
-    - 'spec/services/exchange_variant_bulk_updater_spec.rb'
-    - 'spec/services/invoice_renderer_spec.rb'
-    - 'spec/services/mail_configuration_spec.rb'
-    - 'spec/services/order_cycle_distributed_products_spec.rb'
-    - 'spec/services/order_cycle_distributed_variants_spec.rb'
-    - 'spec/services/order_cycle_form_spec.rb'
-    - 'spec/services/order_cycle_warning_spec.rb'
-    - 'spec/services/order_factory_spec.rb'
-    - 'spec/services/order_syncer_spec.rb'
-    - 'spec/services/order_workflow_spec.rb'
-    - 'spec/services/permissions/order_spec.rb'
-    - 'spec/services/product_tag_rules_filterer_spec.rb'
-    - 'spec/services/products_renderer_spec.rb'
-    - 'spec/services/search_orders_spec.rb'
-    - 'spec/services/tax_rate_finder_spec.rb'
-    - 'spec/services/upload_sanitizer_spec.rb'
-    - 'spec/services/variant_units/option_value_namer_spec.rb'
-    - 'spec/services/variants_stock_levels_spec.rb'
-    - 'spec/spec_helper.rb'
-    - 'spec/support/ability_helper.rb'
-    - 'spec/support/api_helper.rb'
-    - 'spec/support/cancan_helper.rb'
-    - 'spec/support/controller_helper.rb'
-    - 'spec/support/delayed_job_helper.rb'
-    - 'spec/support/downloads_helper.rb'
-    - 'spec/support/email_helper.rb'
-    - 'spec/support/embedded_pages_helper.rb'
-    - 'spec/support/enterprise_groups_helper.rb'
-    - 'spec/support/feature_toggle_helper.rb'
-    - 'spec/support/features/datepicker_helper.rb'
-    - 'spec/support/filters_helper.rb'
-    - 'spec/support/html_helper.rb'
-    - 'spec/support/i18n_error_raising.rb'
-    - 'spec/support/localized_number_helper.rb'
-    - 'spec/support/matchers/date_time_validator_matchers.rb'
-    - 'spec/support/matchers/delegate_matchers.rb'
-    - 'spec/support/matchers/email_confirmation_matchers.rb'
-    - 'spec/support/matchers/flash_message_matchers.rb'
-    - 'spec/support/matchers/integer_array_validator_matchers.rb'
-    - 'spec/support/matchers/select2_matchers.rb'
-    - 'spec/support/matchers/table_matchers.rb'
-    - 'spec/support/performance_helper.rb'
-    - 'spec/support/products_helper.rb'
-    - 'spec/support/request/admin_helper.rb'
-    - 'spec/support/request/authentication_helper.rb'
-    - 'spec/support/request/cookie_helper.rb'
-    - 'spec/support/request/distribution_helper.rb'
-    - 'spec/support/request/menu_helper.rb'
-    - 'spec/support/request/shop_workflow.rb'
-    - 'spec/support/request/ui_component_helper.rb'
-    - 'spec/support/request/web_helper.rb'
-    - 'spec/support/seeds.rb'
-    - 'spec/support/spree/checkout_helpers.rb'
-    - 'spec/support/spree/money_helper.rb'
-    - 'spec/support/spree/url_helpers.rb'
-    - 'spec/support/timecop.rb'
-    - 'spec/validators/date_time_string_validator_spec.rb'
-    - 'spec/validators/integer_array_validator_spec.rb'
-    - 'spec/views/spree/admin/orders/edit.html.haml_spec.rb'
-    - 'spec/views/spree/admin/orders/index.html.haml_spec.rb'
-    - 'spec/views/spree/admin/payment_methods/index.html.haml_spec.rb'
-    - 'spec/views/spree/admin/shared/_order_links.html.haml_spec.rb'
 
-# Offense count: 44
+# Offense count: 39
 # Configuration parameters: MinBodyLength.
 Style/GuardClause:
   Exclude:
@@ -1229,8 +836,6 @@ Style/GuardClause:
     - 'app/models/enterprise_group.rb'
     - 'app/models/producer_property.rb'
     - 'app/models/spree/preferences/preferable_class_methods.rb'
-    - 'app/models/spree/price_decorator.rb'
-    - 'app/models/spree/product_decorator.rb'
     - 'app/services/order_syncer.rb'
     - 'app/services/variant_units/variant_and_line_item_naming.rb'
     - 'lib/discourse/single_sign_on.rb'

.ruby-version

@@ -1 +1 @@
-2.3.7
+2.4.4

Gemfile

@@ -1,14 +1,17 @@
+# frozen_string_literal: true
+
 source 'https://rubygems.org'
-ruby "2.3.7"
+ruby "2.4.4"
 git_source(:github) { |repo_name| "https://github.com/#{repo_name}.git" }
 
-gem 'i18n', '~> 0.6.11'
+gem 'i18n'
 gem 'i18n-js', '~> 3.8.0'
-gem 'rails', '~> 4.0.13'
-gem 'rails-i18n', '~> 4.0'
+gem 'rails', '~> 4.2'
+gem 'rails-i18n'
 gem 'rails_safe_tasks', '~> 1.0'
 
 gem "activerecord-import"
+gem 'responders', '~> 2.0'
 
 gem "catalog", path: "./engines/catalog"
 gem 'dfc_provider', path: './engines/dfc_provider'
@@ -18,19 +21,17 @@ gem 'web', path: './engines/web'
 gem 'activerecord-postgresql-adapter'
 gem 'pg', '~> 0.21.0'
 
-gem 'acts_as_list', '= 0.3.0'
-gem 'awesome_nested_set', '~> 3.2.1'
+gem 'acts_as_list', '0.9.19'
+gem 'awesome_nested_set', '~> 3.3.1'
 gem 'cancan', '~> 1.6.10'
-gem 'ffaker', '~> 1.16'
+gem 'ffaker'
 gem 'highline', '2.0.3' # Necessary for the install generator
-gem 'json', '>= 1.7.7'
-gem 'money', '5.1.1'
-gem 'paranoia', '~> 2.0'
+gem 'json'
+gem 'monetize', '~> 1.1'
+gem 'paranoia', '~> 2.4'
 gem 'ransack', '~> 1.8.10'
-gem 'state_machine', '1.2.0'
-gem 'stringex', '~> 1.5.1'
-
-gem 'spree_i18n', github: 'openfoodfoundation/spree_i18n', branch: '1-3-stable'
+gem 'state_machines-activerecord'
+gem 'stringex', '~> 2.8.5'
 
 # Our branch contains the following changes:
 # - Pass customer email and phone number to PayPal (merged to upstream master)
@@ -44,9 +45,9 @@ gem 'stripe'
 # which is needed for Pin Payments (and possibly others).
 gem 'activemerchant', '~> 1.78.0'
 
-gem 'devise', '~> 3.5.10' # v4.0.0 needs rails 4.1
+gem 'devise'
 gem 'devise-encryptable'
-gem 'devise-token_authenticatable', '~> 0.4.10' # v0.5.0 needs devise v4
+gem 'devise-token_authenticatable'
 gem 'jwt', '~> 2.2'
 gem 'oauth2', '~> 1.4.4' # Used for Stripe Connect
 
@@ -54,7 +55,7 @@ gem 'daemons'
 gem 'delayed_job_active_record'
 gem 'delayed_job_web'
 
-gem 'kaminari', '~> 0.17.0'
+gem 'kaminari', '~> 1.2.1'
 
 gem 'andand'
 gem 'angularjs-rails', '1.5.5'
@@ -65,7 +66,6 @@ gem 'haml'
 gem 'redcarpet'
 gem 'sass'
 gem 'sass-rails'
-gem 'truncate_html', '0.9.2'
 gem 'unicorn'
 
 gem 'actionpack-action_caching'
@@ -80,7 +80,6 @@ gem 'dalli'
 gem 'figaro'
 gem 'geocoder'
 gem 'gmaps4rails'
-gem 'oj'
 gem 'paper_trail', '~> 7.1.3'
 gem 'paperclip', '~> 3.4.1'
 gem 'rack-rewrite'
@@ -91,7 +90,6 @@ gem 'combine_pdf'
 gem 'wicked_pdf'
 gem 'wkhtmltopdf-binary'
 
-gem 'foreigner'
 gem 'immigrant'
 gem 'roo', '~> 2.8.3'
 
@@ -112,7 +110,7 @@ gem 'foundation-icons-sass-rails'
 gem 'foundation-rails', '= 5.5.2.1'
 
 gem 'jquery-migrate-rails'
-gem 'jquery-rails', '3.1.5'
+gem 'jquery-rails', '4.4.0'
 gem 'jquery-ui-rails', '~> 4.2'
 gem 'select2-rails', '~> 3.4.7'
 
@@ -127,10 +125,10 @@ group :test, :development do
   # Pretty printed test output
   gem 'atomic'
   gem 'awesome_print'
-  gem 'capybara', '>= 2.18.0' # 3.0 requires rack 1.6 that only works with Rails 4.2
+  gem 'capybara'
   gem 'database_cleaner', require: false
-  gem "factory_bot_rails", '4.10.0', require: false
-  gem 'fuubar', '~> 2.5.0'
+  gem "factory_bot_rails", '5.2.0', require: false
+  gem 'fuubar', '~> 2.5.1'
   gem 'json_spec', '~> 1.1.4'
   gem 'knapsack'
   gem 'letter_opener', '>= 1.4.1'
@@ -147,17 +145,17 @@ end
 group :test do
   gem 'simplecov', require: false
   gem 'test-prof'
+  gem 'test_after_commit' # needed to test Devise callbacks
   gem 'webmock'
   # See spec/spec_helper.rb for instructions
   # gem 'perftools.rb'
 end
 
 group :development do
-  gem 'byebug', '~> 11.0.0' # 11.1 requires ruby 2.4
+  gem 'byebug'
   gem 'debugger-linecache'
-  gem "newrelic_rpm", "~> 3.0"
-  gem "pry", "~> 0.12.0" # pry 0.13 is not compatible with pry-byebug 3.7
-  gem 'pry-byebug', '~> 3.7.0' # 3.8 requires ruby 2.4
+  gem 'pry'
+  gem 'pry-byebug'
   gem 'rubocop'
   gem 'rubocop-rails'
   gem 'spring'

Gemfile.lock

@@ -19,15 +19,6 @@ GIT
   specs:
     ofn-qz (0.1.0)
 
-GIT
-  remote: https://github.com/openfoodfoundation/spree_i18n.git
-  revision: 12f18312232f0ce70270d47859d2951d12f7791c
-  branch: 1-3-stable
-  specs:
-    spree_i18n (1.0.0)
-      i18n (~> 0.5)
-      rails-i18n
-
 PATH
   remote: engines/catalog
   specs:
@@ -55,33 +46,44 @@ GEM
   remote: https://rubygems.org/
   specs:
     CFPropertyList (2.3.6)
-    actionmailer (4.0.13)
-      actionpack (= 4.0.13)
+    actionmailer (4.2.11.3)
+      actionpack (= 4.2.11.3)
+      actionview (= 4.2.11.3)
+      activejob (= 4.2.11.3)
       mail (~> 2.5, >= 2.5.4)
-    actionpack (4.0.13)
-      activesupport (= 4.0.13)
-      builder (~> 3.1.0)
-      erubis (~> 2.7.0)
-      rack (~> 1.5.2)
+      rails-dom-testing (~> 1.0, >= 1.0.5)
+    actionpack (4.2.11.3)
+      actionview (= 4.2.11.3)
+      activesupport (= 4.2.11.3)
+      rack (~> 1.6)
       rack-test (~> 0.6.2)
+      rails-dom-testing (~> 1.0, >= 1.0.5)
+      rails-html-sanitizer (~> 1.0, >= 1.0.2)
     actionpack-action_caching (1.2.1)
       actionpack (>= 4.0.0)
+    actionview (4.2.11.3)
+      activesupport (= 4.2.11.3)
+      builder (~> 3.1)
+      erubis (~> 2.7.0)
+      rails-dom-testing (~> 1.0, >= 1.0.5)
+      rails-html-sanitizer (~> 1.0, >= 1.0.3)
     active_model_serializers (0.8.4)
       activemodel (>= 3.0)
+    activejob (4.2.11.3)
+      activesupport (= 4.2.11.3)
+      globalid (>= 0.3.0)
     activemerchant (1.78.0)
       activesupport (>= 3.2.14, < 6.x)
       builder (>= 2.1.2, < 4.0.0)
       i18n (>= 0.6.9)
       nokogiri (~> 1.4)
-    activemodel (4.0.13)
-      activesupport (= 4.0.13)
-      builder (~> 3.1.0)
-    activerecord (4.0.13)
-      activemodel (= 4.0.13)
-      activerecord-deprecated_finders (~> 1.0.2)
-      activesupport (= 4.0.13)
-      arel (~> 4.0.0)
-    activerecord-deprecated_finders (1.0.4)
+    activemodel (4.2.11.3)
+      activesupport (= 4.2.11.3)
+      builder (~> 3.1)
+    activerecord (4.2.11.3)
+      activemodel (= 4.2.11.3)
+      activesupport (= 4.2.11.3)
+      arel (~> 6.0)
     activerecord-import (1.0.7)
       activerecord (>= 3.2)
     activerecord-postgresql-adapter (0.0.1)
@@ -92,18 +94,20 @@ GEM
       multi_json (~> 1.11, >= 1.11.2)
       rack (>= 1.5.2, < 3)
       railties (>= 4.0)
-    activesupport (4.0.13)
-      i18n (~> 0.6, >= 0.6.9)
-      minitest (~> 4.2)
-      multi_json (~> 1.3)
-      thread_safe (~> 0.1)
-      tzinfo (~> 0.3.37)
+    activesupport (4.2.11.3)
+      i18n (~> 0.7)
+      minitest (~> 5.1)
+      thread_safe (~> 0.3, >= 0.3.4)
+      tzinfo (~> 1.1)
     acts-as-taggable-on (4.0.0)
       activerecord (>= 4.0)
-    acts_as_list (0.3.0)
+    acts_as_list (0.9.19)
       activerecord (>= 3.0)
     addressable (2.7.0)
       public_suffix (>= 2.0.2, < 5.0)
+    aliyun-sdk (0.8.0)
+      nokogiri (~> 1.6)
+      rest-client (~> 2.0)
     andand (1.3.3)
     angular-rails-templates (0.3.0)
       railties (>= 3.1)
@@ -111,10 +115,10 @@ GEM
       tilt
     angularjs-file-upload-rails (2.4.1)
     angularjs-rails (1.5.5)
-    arel (4.0.2)
-    ast (2.4.0)
+    arel (6.0.4)
+    ast (2.4.1)
     atomic (1.1.101)
-    awesome_nested_set (3.2.1)
+    awesome_nested_set (3.3.1)
       activerecord (>= 4.0.0, < 7.0)
     awesome_print (1.8.0)
     aws-sdk (1.67.0)
@@ -122,26 +126,27 @@ GEM
     aws-sdk-v1 (1.67.0)
       json (~> 1.4)
       nokogiri (~> 1)
-    bcrypt (3.1.13)
-    bugsnag (6.18.0)
+    bcrypt (3.1.16)
+    bugsnag (6.19.0)
       concurrent-ruby (~> 1.0)
-    builder (3.1.4)
-    byebug (11.0.1)
+    builder (3.2.4)
+    byebug (11.1.3)
     cancan (1.6.10)
-    capybara (2.18.0)
+    capybara (3.32.2)
       addressable
       mini_mime (>= 0.1.3)
-      nokogiri (>= 1.3.3)
-      rack (>= 1.0.0)
-      rack-test (>= 0.5.4)
-      xpath (>= 2.0, < 4.0)
+      nokogiri (~> 1.8)
+      rack (>= 1.6.0)
+      rack-test (>= 0.6.3)
+      regexp_parser (~> 1.5)
+      xpath (~> 3.2)
     childprocess (3.0.0)
     chronic (0.10.2)
-    chunky_png (1.3.11)
+    chunky_png (1.3.14)
     climate_control (0.2.0)
     cocaine (0.5.8)
       climate_control (>= 0.0.3, < 1.0)
-    coderay (1.1.2)
+    coderay (1.1.3)
     coffee-rails (4.2.2)
       coffee-script (>= 2.2.0)
       railties (>= 4.0.0)
@@ -149,7 +154,7 @@ GEM
       coffee-script-source
       execjs
     coffee-script-source (1.12.2)
-    combine_pdf (1.0.16)
+    combine_pdf (1.0.21)
       ruby-rc4 (>= 0.1.5)
     compass (1.0.3)
       chunky_png (~> 1.2)
@@ -169,6 +174,7 @@ GEM
       sprockets (< 4.0)
     concurrent-ruby (1.1.7)
     crack (0.4.4)
+    crass (1.0.6)
     css_parser (1.7.1)
       addressable
     daemons (1.3.1)
@@ -178,48 +184,49 @@ GEM
       activerecord (>= 3.2.0, < 5.0)
       fog (~> 1.0)
       rails (>= 3.2.0, < 5.0)
-    ddtrace (0.42.0)
+    ddtrace (0.43.0)
       msgpack
     debugger-linecache (1.2.0)
-    delayed_job (4.1.8)
-      activesupport (>= 3.0, < 6.1)
-    delayed_job_active_record (4.1.4)
-      activerecord (>= 3.0, < 6.1)
+    delayed_job (4.1.9)
+      activesupport (>= 3.0, < 6.2)
+    delayed_job_active_record (4.1.5)
+      activerecord (>= 3.0, < 6.2)
       delayed_job (>= 3.0, < 5)
     delayed_job_web (1.4.3)
       activerecord (> 3.0.0)
       delayed_job (> 2.0.3)
       rack-protection (>= 1.5.5)
       sinatra (>= 1.4.4)
-    devise (3.5.10)
+    devise (4.7.3)
       bcrypt (~> 3.0)
       orm_adapter (~> 0.1)
-      railties (>= 3.2.6, < 5)
+      railties (>= 4.1.0)
       responders
-      thread_safe (~> 0.1)
       warden (~> 1.2.3)
     devise-encryptable (0.2.0)
       devise (>= 2.1.0)
-    devise-token_authenticatable (0.4.10)
-      devise (>= 3.5.2, < 4.0.0)
-    diff-lcs (1.3)
-    docile (1.3.2)
+    devise-token_authenticatable (1.1.0)
+      devise (>= 4.0.0, < 5.0.0)
+    diff-lcs (1.4.4)
+    docile (1.3.4)
+    domain_name (0.5.20190701)
+      unf (>= 0.0.5, < 1.0.0)
     dry-inflector (0.1.2)
     erubis (2.7.0)
     eventmachine (1.2.7)
-    excon (0.71.1)
+    excon (0.78.0)
     execjs (2.7.0)
-    factory_bot (4.10.0)
-      activesupport (>= 3.0.0)
-    factory_bot_rails (4.10.0)
-      factory_bot (~> 4.10.0)
-      railties (>= 3.0.0)
-    faraday (1.0.0)
+    factory_bot (5.2.0)
+      activesupport (>= 4.2.0)
+    factory_bot_rails (5.2.0)
+      factory_bot (~> 5.2.0)
+      railties (>= 4.2.0)
+    faraday (1.0.1)
       multipart-post (>= 1.2, < 3)
-    ffaker (1.32.1)
-    ffi (1.12.2)
-    figaro (1.1.1)
-      thor (~> 0.14)
+    ffaker (2.16.0)
+    ffi (1.13.1)
+    figaro (1.2.0)
+      thor (>= 0.14.0, < 2)
     fission (0.5.0)
       CFPropertyList (~> 2.2)
     fog (1.41.0)
@@ -256,7 +263,8 @@ GEM
       fog-xml (~> 0.1.1)
       ipaddress (~> 0.5)
       json (>= 1.8, < 2.0)
-    fog-aliyun (0.3.5)
+    fog-aliyun (0.3.19)
+      aliyun-sdk (~> 0.8.0)
       fog-core
       fog-json
       ipaddress (~> 0.8)
@@ -302,7 +310,7 @@ GEM
       fog-core
       fog-json
       fog-xml
-    fog-internet-archive (0.0.1)
+    fog-internet-archive (0.0.2)
       fog-core
       fog-json
       fog-xml
@@ -359,7 +367,7 @@ GEM
     fog-voxel (0.1.0)
       fog-core
       fog-xml
-    fog-vsphere (3.2.1)
+    fog-vsphere (3.4.0)
       fog-core
       rbvmomi (>= 1.9, < 3)
     fog-xenserver (1.0.0)
@@ -369,8 +377,6 @@ GEM
     fog-xml (0.1.3)
       fog-core
       nokogiri (>= 1.5.11, < 2.0.0)
-    foreigner (1.7.4)
-      activerecord (>= 3.0.0)
     formatador (0.2.5)
     foundation-icons-sass-rails (3.0.0)
       railties (>= 3.1.1)
@@ -378,29 +384,35 @@ GEM
     foundation-rails (5.5.2.1)
       railties (>= 3.1.0)
       sass (>= 3.3.0, < 3.5)
-    fuubar (2.5.0)
+    fuubar (2.5.1)
       rspec-core (~> 3.0)
       ruby-progressbar (~> 1.4)
     geocoder (1.6.4)
-    get_process_mem (0.2.5)
+    get_process_mem (0.2.7)
       ffi (~> 1.0)
+    globalid (0.4.2)
+      activesupport (>= 4.2.0)
     gmaps4rails (2.1.2)
-    haml (5.2.0)
+    haml (5.2.1)
       temple (>= 0.8.0)
       tilt
     hashdiff (1.0.1)
     highline (2.0.3)
     hike (1.2.3)
-    i18n (0.6.11)
+    http-accept (1.7.0)
+    http-cookie (1.0.3)
+      domain_name (~> 0.5)
+    i18n (0.9.5)
+      concurrent-ruby (~> 1.0)
     i18n-js (3.8.0)
       i18n (>= 0.6.6)
     immigrant (0.3.6)
       activerecord (>= 3.0)
     ipaddress (0.8.3)
-    jaro_winkler (1.5.4)
     jquery-migrate-rails (1.2.1)
-    jquery-rails (3.1.5)
-      railties (>= 3.0, < 5.0)
+    jquery-rails (4.4.0)
+      rails-dom-testing (>= 1, < 3)
+      railties (>= 4.2.0)
       thor (>= 0.14, < 2.0)
     jquery-ui-rails (4.2.1)
       railties (>= 3.2.16)
@@ -411,20 +423,32 @@ GEM
       multi_json (~> 1.0)
       rspec (>= 2.0, < 4.0)
     jwt (2.2.2)
-    kaminari (0.17.0)
-      actionpack (>= 3.0.0)
-      activesupport (>= 3.0.0)
+    kaminari (1.2.1)
+      activesupport (>= 4.1.0)
+      kaminari-actionview (= 1.2.1)
+      kaminari-activerecord (= 1.2.1)
+      kaminari-core (= 1.2.1)
+    kaminari-actionview (1.2.1)
+      actionview
+      kaminari-core (= 1.2.1)
+    kaminari-activerecord (1.2.1)
+      activerecord
+      kaminari-core (= 1.2.1)
+    kaminari-core (1.2.1)
     kgio (2.11.3)
-    knapsack (1.19.0)
+    knapsack (1.20.0)
       rake
     launchy (2.4.3)
       addressable (~> 2.3)
     letter_opener (1.7.0)
       launchy (~> 2.2)
     libv8 (7.3.492.27.1)
+    loofah (2.8.0)
+      crass (~> 1.0.2)
+      nokogiri (>= 1.5.9)
     mail (2.7.1)
       mini_mime (>= 0.1.1)
-    method_source (0.9.2)
+    method_source (1.0.0)
     mime-types (3.3.1)
       mime-types-data (~> 3.2015)
     mime-types-data (3.2020.0512)
@@ -432,15 +456,17 @@ GEM
     mini_portile2 (2.4.0)
     mini_racer (0.2.15)
       libv8 (> 7.3)
-    minitest (4.7.5)
-    money (5.1.1)
-      i18n (~> 0.6.0)
+    minitest (5.14.3)
+    monetize (1.9.4)
+      money (~> 6.12)
+    money (6.13.8)
+      i18n (>= 0.6.4, <= 2)
     msgpack (1.3.3)
     multi_json (1.15.0)
     multi_xml (0.6.0)
     multipart-post (2.1.1)
-    newrelic_rpm (3.18.1.330)
-    nokogiri (1.10.9)
+    netrc (0.11.0)
+    nokogiri (1.10.10)
       mini_portile2 (~> 2.4.0)
     oauth2 (1.4.4)
       faraday (>= 0.8, < 2.0)
@@ -448,8 +474,7 @@ GEM
       multi_json (~> 1.3)
       multi_xml (~> 0.5)
       rack (>= 1.2, < 3)
-    oj (3.10.8)
-    optimist (3.0.0)
+    optimist (3.0.1)
     orm_adapter (0.5.0)
     paper_trail (7.1.3)
       activerecord (>= 4.0, < 5.2)
@@ -460,11 +485,11 @@ GEM
       activesupport (>= 3.0.0)
       cocaine (~> 0.5.0)
       mime-types
-    parallel (1.19.1)
-    paranoia (2.4.2)
-      activerecord (>= 4.0, < 6.1)
-    parser (2.7.1.0)
-      ast (~> 2.4.0)
+    parallel (1.20.1)
+    paranoia (2.4.3)
+      activerecord (>= 4.0, < 6.2)
+    parser (3.0.0.0)
+      ast (~> 2.4.1)
     paypal-sdk-core (0.2.10)
       multi_json (~> 1.0)
       xml-simple
@@ -472,15 +497,15 @@ GEM
       paypal-sdk-core (~> 0.2.3)
     pg (0.21.0)
     power_assert (1.2.0)
-    pry (0.12.2)
-      coderay (~> 1.1.0)
-      method_source (~> 0.9.0)
-    pry-byebug (3.7.0)
+    pry (0.13.1)
+      coderay (~> 1.1)
+      method_source (~> 1.0)
+    pry-byebug (3.9.0)
       byebug (~> 11.0)
-      pry (~> 0.10)
+      pry (~> 0.13.0)
     public_suffix (4.0.6)
-    rack (1.5.5)
-    rack-mini-profiler (2.0.2)
+    rack (1.6.13)
+    rack-mini-profiler (2.3.0)
       rack (>= 1.2.0)
     rack-protection (1.5.5)
       rack
@@ -489,77 +514,95 @@ GEM
       rack
     rack-test (0.6.3)
       rack (>= 1.0)
-    rails (4.0.13)
-      actionmailer (= 4.0.13)
-      actionpack (= 4.0.13)
-      activerecord (= 4.0.13)
-      activesupport (= 4.0.13)
+    rails (4.2.11.3)
+      actionmailer (= 4.2.11.3)
+      actionpack (= 4.2.11.3)
+      actionview (= 4.2.11.3)
+      activejob (= 4.2.11.3)
+      activemodel (= 4.2.11.3)
+      activerecord (= 4.2.11.3)
+      activesupport (= 4.2.11.3)
       bundler (>= 1.3.0, < 2.0)
-      railties (= 4.0.13)
-      sprockets-rails (~> 2.0)
-    rails-i18n (4.0.5)
-      i18n (~> 0.6)
+      railties (= 4.2.11.3)
+      sprockets-rails
+    rails-deprecated_sanitizer (1.0.3)
+      activesupport (>= 4.2.0.alpha)
+    rails-dom-testing (1.0.9)
+      activesupport (>= 4.2.0, < 5.0)
+      nokogiri (~> 1.6)
+      rails-deprecated_sanitizer (>= 1.0.1)
+    rails-html-sanitizer (1.3.0)
+      loofah (~> 2.3)
+    rails-i18n (4.0.9)
+      i18n (~> 0.7)
       railties (~> 4.0)
     rails_safe_tasks (1.0.0)
-    railties (4.0.13)
-      actionpack (= 4.0.13)
-      activesupport (= 4.0.13)
+    railties (4.2.11.3)
+      actionpack (= 4.2.11.3)
+      activesupport (= 4.2.11.3)
       rake (>= 0.8.7)
       thor (>= 0.18.1, < 2.0)
     rainbow (3.0.0)
     raindrops (0.19.1)
-    rake (13.0.1)
+    rake (13.0.3)
     ransack (1.8.10)
       actionpack (>= 3.0, < 5.2)
       activerecord (>= 3.0, < 5.2)
       activesupport (>= 3.0, < 5.2)
       i18n
-    rb-fsevent (0.10.3)
+    rb-fsevent (0.10.4)
     rb-inotify (0.10.1)
       ffi (~> 1.0)
-    rbvmomi (2.2.0)
+    rbvmomi (2.4.1)
       builder (~> 3.0)
       json (>= 1.8)
       nokogiri (~> 1.5)
       optimist (~> 3.0)
-    redcarpet (3.5.0)
+    redcarpet (3.5.1)
+    regexp_parser (1.8.2)
     request_store (1.5.0)
       rack (>= 1.4)
-    responders (1.1.2)
-      railties (>= 3.2, < 4.2)
+    responders (2.4.1)
+      actionpack (>= 4.2.0, < 6.0)
+      railties (>= 4.2.0, < 6.0)
+    rest-client (2.1.0)
+      http-accept (>= 1.7.0, < 2.0)
+      http-cookie (>= 1.0.2, < 2.0)
+      mime-types (>= 1.16, < 4.0)
+      netrc (~> 0.8)
     rexml (3.2.4)
-    roadie (3.4.0)
+    roadie (3.5.1)
       css_parser (~> 1.4)
-      nokogiri (~> 1.5)
+      nokogiri (~> 1.8)
     roadie-rails (1.3.0)
       railties (>= 3.0, < 5.3)
       roadie (~> 3.1)
     roo (2.8.3)
       nokogiri (~> 1)
       rubyzip (>= 1.3.0, < 3.0.0)
-    rspec (3.9.0)
-      rspec-core (~> 3.9.0)
-      rspec-expectations (~> 3.9.0)
-      rspec-mocks (~> 3.9.0)
-    rspec-core (3.9.1)
-      rspec-support (~> 3.9.1)
-    rspec-expectations (3.9.0)
+    rspec (3.10.0)
+      rspec-core (~> 3.10.0)
+      rspec-expectations (~> 3.10.0)
+      rspec-mocks (~> 3.10.0)
+    rspec-core (3.10.1)
+      rspec-support (~> 3.10.0)
+    rspec-expectations (3.10.1)
       diff-lcs (>= 1.2.0, < 2.0)
-      rspec-support (~> 3.9.0)
-    rspec-mocks (3.9.1)
+      rspec-support (~> 3.10.0)
+    rspec-mocks (3.10.0)
       diff-lcs (>= 1.2.0, < 2.0)
-      rspec-support (~> 3.9.0)
-    rspec-rails (3.9.1)
-      actionpack (>= 3.0)
-      activesupport (>= 3.0)
-      railties (>= 3.0)
-      rspec-core (~> 3.9.0)
-      rspec-expectations (~> 3.9.0)
-      rspec-mocks (~> 3.9.0)
-      rspec-support (~> 3.9.0)
+      rspec-support (~> 3.10.0)
+    rspec-rails (4.0.2)
+      actionpack (>= 4.2)
+      activesupport (>= 4.2)
+      railties (>= 4.2)
+      rspec-core (~> 3.10)
+      rspec-expectations (~> 3.10)
+      rspec-mocks (~> 3.10)
+      rspec-support (~> 3.10)
     rspec-retry (0.6.2)
       rspec-core (> 3.3)
-    rspec-support (3.9.2)
+    rspec-support (3.10.1)
     rswag (2.3.1)
       rswag-api (= 2.3.1)
       rswag-specs (= 2.3.1)
@@ -573,21 +616,24 @@ GEM
     rswag-ui (2.3.1)
       actionpack (>= 3.1, < 7.0)
       railties (>= 3.1, < 7.0)
-    rubocop (0.81.0)
-      jaro_winkler (~> 1.5.1)
+    rubocop (1.8.0)
       parallel (~> 1.10)
-      parser (>= 2.7.0.1)
+      parser (>= 3.0.0.0)
       rainbow (>= 2.2.2, < 4.0)
+      regexp_parser (>= 1.8, < 3.0)
       rexml
+      rubocop-ast (>= 1.2.0, < 2.0)
       ruby-progressbar (~> 1.7)
-      unicode-display_width (>= 1.4.0, < 2.0)
-    rubocop-rails (2.5.2)
-      activesupport
+      unicode-display_width (>= 1.4.0, < 3.0)
+    rubocop-ast (1.4.0)
+      parser (>= 2.7.1.5)
+    rubocop-rails (2.9.1)
+      activesupport (>= 4.2.0)
       rack (>= 1.1)
-      rubocop (>= 0.72.0)
-    ruby-progressbar (1.10.1)
+      rubocop (>= 0.90.0, < 2.0)
+    ruby-progressbar (1.11.0)
     ruby-rc4 (0.1.5)
-    rubyzip (1.3.0)
+    rubyzip (2.3.0)
     sass (3.4.25)
     sass-rails (5.0.7)
       railties (>= 4.0.0, < 6)
@@ -601,18 +647,17 @@ GEM
     selenium-webdriver (3.142.7)
       childprocess (>= 0.5, < 4.0)
       rubyzip (>= 1.2.2)
-    shoulda-matchers (3.1.3)
-      activesupport (>= 4.0.0)
-    simplecov (0.17.1)
+    shoulda-matchers (4.4.1)
+      activesupport (>= 4.2.0)
+    simplecov (0.18.5)
       docile (~> 1.1)
-      json (>= 1.8, < 3)
-      simplecov-html (~> 0.10.0)
-    simplecov-html (0.10.2)
+      simplecov-html (~> 0.11)
+    simplecov-html (0.12.3)
     sinatra (1.4.8)
       rack (~> 1.5)
       rack-protection (~> 1.4)
       tilt (>= 1.3, < 3)
-    spring (1.7.2)
+    spring (2.1.1)
     spring-commands-rspec (1.0.4)
       spring (>= 0.9.1)
     sprockets (2.12.5)
@@ -624,23 +669,34 @@ GEM
       actionpack (>= 3.0)
       activesupport (>= 3.0)
       sprockets (>= 2.8, < 4.0)
-    state_machine (1.2.0)
-    stringex (1.5.1)
-    stripe (5.25.0)
+    state_machines (0.5.0)
+    state_machines-activemodel (0.7.1)
+      activemodel (>= 4.1)
+      state_machines (>= 0.5.0)
+    state_machines-activerecord (0.6.0)
+      activerecord (>= 4.1)
+      state_machines-activemodel (>= 0.5.0)
+    stringex (2.8.5)
+    stripe (5.29.0)
     temple (0.8.2)
-    test-prof (0.7.5)
-    test-unit (3.3.6)
+    test-prof (0.11.3)
+    test-unit (3.3.9)
       power_assert
+    test_after_commit (1.2.2)
+      activerecord (>= 3.2, < 5.0)
     thor (0.20.3)
     thread_safe (0.3.6)
     tilt (1.4.1)
     timecop (0.9.2)
-    truncate_html (0.9.2)
-    tzinfo (0.3.57)
+    tzinfo (1.2.9)
+      thread_safe (~> 0.1)
     uglifier (4.2.0)
       execjs (>= 0.3.0, < 3)
-    unicode-display_width (1.7.0)
-    unicorn (5.7.0)
+    unf (0.1.4)
+      unf_ext
+    unf_ext (0.0.7.7)
+    unicode-display_width (2.0.0)
+    unicorn (5.8.0)
       kgio (~> 2.6)
       raindrops (~> 0.7)
     unicorn-rails (2.2.1)
@@ -651,11 +707,11 @@ GEM
       unicorn (>= 4, < 6)
     warden (1.2.7)
       rack (>= 1.0)
-    webdrivers (4.2.0)
+    webdrivers (4.4.2)
       nokogiri (~> 1.6)
       rubyzip (>= 1.3.0)
       selenium-webdriver (>= 3.0, < 4.0)
-    webmock (3.9.5)
+    webmock (3.11.0)
       addressable (>= 2.3.6)
       crack (>= 0.3.2)
       hashdiff (>= 0.4.0, < 2.0.0)
@@ -666,8 +722,8 @@ GEM
     wkhtmltopdf-binary (0.12.5)
     xml-simple (1.1.5)
     xmlrpc (0.3.0)
-    xpath (2.1.0)
-      nokogiri (~> 1.3)
+    xpath (3.2.0)
+      nokogiri (~> 1.8)
 
 PLATFORMS
   ruby
@@ -680,19 +736,19 @@ DEPENDENCIES
   activerecord-postgresql-adapter
   activerecord-session_store
   acts-as-taggable-on (~> 4.0)
-  acts_as_list (= 0.3.0)
+  acts_as_list (= 0.9.19)
   andand
   angular-rails-templates (~> 0.3.0)
   angularjs-file-upload-rails (~> 2.4.1)
   angularjs-rails (= 1.5.5)
   atomic
-  awesome_nested_set (~> 3.2.1)
+  awesome_nested_set (~> 3.3.1)
   awesome_print
   aws-sdk (= 1.67.0)
   bugsnag
-  byebug (~> 11.0.0)
+  byebug
   cancan (~> 1.6.10)
-  capybara (>= 2.18.0)
+  capybara
   catalog!
   coffee-rails (~> 4.2.2)
   combine_pdf
@@ -706,55 +762,53 @@ DEPENDENCIES
   debugger-linecache
   delayed_job_active_record
   delayed_job_web
-  devise (~> 3.5.10)
+  devise
   devise-encryptable
-  devise-token_authenticatable (~> 0.4.10)
+  devise-token_authenticatable
   dfc_provider!
   eventmachine (>= 1.2.3)
-  factory_bot_rails (= 4.10.0)
-  ffaker (~> 1.16)
+  factory_bot_rails (= 5.2.0)
+  ffaker
   figaro
-  foreigner
   foundation-icons-sass-rails
   foundation-rails (= 5.5.2.1)
-  fuubar (~> 2.5.0)
+  fuubar (~> 2.5.1)
   geocoder
   gmaps4rails
   haml
   highline (= 2.0.3)
-  i18n (~> 0.6.11)
+  i18n
   i18n-js (~> 3.8.0)
   immigrant
   jquery-migrate-rails
-  jquery-rails (= 3.1.5)
+  jquery-rails (= 4.4.0)
   jquery-ui-rails (~> 4.2)
-  json (>= 1.7.7)
+  json
   json_spec (~> 1.1.4)
   jwt (~> 2.2)
-  kaminari (~> 0.17.0)
+  kaminari (~> 1.2.1)
   knapsack
   letter_opener (>= 1.4.1)
   mini_racer (= 0.2.15)
-  money (= 5.1.1)
-  newrelic_rpm (~> 3.0)
+  monetize (~> 1.1)
   oauth2 (~> 1.4.4)
   ofn-qz!
-  oj
   order_management!
   paper_trail (~> 7.1.3)
   paperclip (~> 3.4.1)
-  paranoia (~> 2.0)
+  paranoia (~> 2.4)
   pg (~> 0.21.0)
-  pry (~> 0.12.0)
-  pry-byebug (~> 3.7.0)
+  pry
+  pry-byebug
   rack-mini-profiler (< 3.0.0)
   rack-rewrite
   rack-ssl
-  rails (~> 4.0.13)
-  rails-i18n (~> 4.0)
+  rails (~> 4.2)
+  rails-i18n
   rails_safe_tasks (~> 1.0)
   ransack (~> 1.8.10)
   redcarpet
+  responders (~> 2.0)
   roadie-rails (~> 1.3.0)
   roo (~> 2.8.3)
   rspec-rails (>= 3.5.2)
@@ -768,17 +822,16 @@ DEPENDENCIES
   selenium-webdriver
   shoulda-matchers
   simplecov
-  spree_i18n!
   spree_paypal_express!
   spring
   spring-commands-rspec
-  state_machine (= 1.2.0)
-  stringex (~> 1.5.1)
+  state_machines-activerecord
+  stringex (~> 2.8.5)
   stripe
   test-prof
   test-unit (~> 3.3)
+  test_after_commit
   timecop
-  truncate_html (= 0.9.2)
   uglifier (>= 1.0.3)
   unicorn
   unicorn-rails
@@ -791,7 +844,7 @@ DEPENDENCIES
   wkhtmltopdf-binary
 
 RUBY VERSION
-   ruby 2.3.7p456
+   ruby 2.4.4p296
 
 BUNDLED WITH
    1.17.3

README.md

@@ -33,7 +33,9 @@ We also have a [Super Admin Guide][super-admin-guide] to help with configuration
 
 ## Testing
 
-We use [BrowserStack](https://www.browserstack.com/) as a manual testing tool. BrowserStack provides open source projects with unlimited and free of charge accounts. A big thanks to them!
+If you'd like to help out with testing, please introduce yourself on the #testing channel on [Slack][slack-invite] and download the [ZenHub browser extension][zenhub] to view the development pipeline.
+
+We use [BrowserStack](https://www.browserstack.com/) as a manual testing tool. BrowserStack provides open source projects with unlimited and free of charge accounts. A big thanks to them! 
 
 ## Licence
 
@@ -45,3 +47,4 @@ Copyright (c) 2012 - 2020 Open Food Foundation, released under the AGPL licence.
 [ofn-install]: https://github.com/openfoodfoundation/ofn-install
 [super-admin-guide]: https://ofn-user-guide.gitbook.io/ofn-super-admin-guide
 [welcome-dev]: https://github.com/openfoodfoundation/openfoodnetwork/projects/27
+[zenhub]: https://www.zenhub.com/extension

Rakefile

@@ -1,4 +1,6 @@
 #!/usr/bin/env rake
+# frozen_string_literal: true
+
 # Add your own tasks in files placed in lib/tasks ending in .rake,
 # for example lib/tasks/capistrano.rake, and they will automatically be available to Rake.
 

app/assets/javascripts/admin/index_utils/services/paged_fetcher.js.coffee

@@ -16,7 +16,7 @@ angular.module("admin.indexUtils").factory "PagedFetcher", (dataFetcher) ->
     fetchPages: (url, page, pageCallback) ->
       dataFetcher(@urlForPage(url, page)).then (data) =>
         @page++
-        @last_page = data.pages
+        @last_page = data.pagination.pages
 
         pageCallback(data) if pageCallback
 

app/assets/javascripts/admin/spree/base.js.erb

@@ -127,7 +127,16 @@ $(document).ready(function() {
         nextText: Spree.translations.next,
         showOn: "focus"
       });
-
+      
+       $.datepicker.regional[I18n.locale] = {
+          prevText: Spree.translations.previous,
+          nextText: Spree.translations.next,
+          monthNames: Spree.translations.month_names,
+          dayNames: Spree.translations.abbr_day_names,
+          dayNamesMin: Spree.translations.abbr_day_names,
+          dateFormat: Spree.translations.date_picker
+      };
+      $.datepicker.setDefaults( $.datepicker.regional[I18n.locale]);
       // Correctly display range dates
       $('.date-range-filter .datepicker-from').datepicker('option', 'onSelect', function(selectedDate) {
         $(".date-range-filter .datepicker-to" ).datepicker( "option", "minDate", selectedDate );

app/assets/javascripts/darkswarm/controllers/credit_cards_controller.js.coffee

@@ -1,7 +1,7 @@
 Darkswarm.controller "CreditCardsCtrl", ($scope, CreditCard, CreditCards) ->
   angular.extend(this, new FieldsetMixin($scope))
   $scope.savedCreditCards = CreditCards.saved
-  $scope.setDefault = CreditCards.setDefault
+  $scope.confirmSetDefault = CreditCards.confirmSetDefault
   $scope.CreditCard = CreditCard
   $scope.secrets = CreditCard.secrets
   $scope.showForm = CreditCard.show

app/assets/javascripts/darkswarm/controllers/order_cycle_controller.js.coffee

@@ -25,3 +25,6 @@ Darkswarm.controller "OrderCycleChangeCtrl", ($scope, $rootScope, $timeout, Orde
     Cart.reloadFinalisedLineItems()
     ChangeableOrdersAlert.reload()
     $rootScope.$broadcast 'orderCycleSelected'
+
+  $scope.closesInLessThan3Months = () ->
+    moment().diff(moment(OrderCycle.orders_close_at(),  "YYYY-MM-DD HH:mm:SS Z"), 'days') > -75

app/assets/javascripts/darkswarm/directives/tabset_ctrl.js.coffee

@@ -5,15 +5,13 @@ Darkswarm.directive "tabsetCtrl", (Tabsets, $location) ->
     selected: "@"
     navigate: "="
     prefix: "@?"
-    alwaysopen: "="
   controller: ($scope, $element) ->
     if $scope.navigate
       path = $location.path()?.match(/^\/\w+$/)?[0]
       $scope.selected = path[1..] if path
 
     this.toggle = (name) ->
-      state = if $scope.alwaysopen then 'open' else null
-      Tabsets.toggle($scope.id, name, state)
+      Tabsets.toggle($scope.id, name)
 
     this.select = (selection) ->
       $scope.$broadcast("selection:changed", selection)

app/assets/javascripts/darkswarm/filters/localize_currency.js.coffee

@@ -6,7 +6,7 @@ Darkswarm.filter "localizeCurrency", (currencyConfig)->
     # Set decimal points, 2 or 0 if hide_cents.
     decimals = if currencyConfig.hide_cents == "true" then 0 else 2
     # Set format if the currency symbol should come after the number, otherwise (default) use the locale setting.
-    format = if currencyConfig.symbol_position == "after" then "%n %u" else undefined
+    format = if currencyConfig.symbol_position == "after" then "%n%u" else undefined
     # We need to use parseFloat as the amount should come in as a string.
     amount = parseFloat(amount)
 

app/assets/javascripts/darkswarm/services/cart.js.coffee

@@ -50,7 +50,7 @@ Darkswarm.factory 'Cart', (CurrentOrder, Variants, $timeout, $http, $modal, $roo
         @popQueue() if @update_enqueued
 
       .error (response, status)=>
-        Messages.flash({error: t('js.cart.add_to_cart_failed')})
+        Messages.flash({error: response.error})
         @update_running = false
 
     compareAndNotifyStockLevels: (stockLevels) =>

app/assets/javascripts/darkswarm/services/credit_cards.js.coffee

@@ -1,4 +1,4 @@
-Darkswarm.factory 'CreditCards', ($http, $filter, savedCreditCards, Messages)->
+Darkswarm.factory 'CreditCards', ($http, $filter, savedCreditCards, Messages, Customers)->
   new class CreditCard
     saved: $filter('orderBy')(savedCreditCards,'-is_default')
 
@@ -11,5 +11,13 @@ Darkswarm.factory 'CreditCards', ($http, $filter, savedCreditCards, Messages)->
         othercard.is_default = false
       $http.put("/credit_cards/#{card.id}", is_default: true).then (data) ->
         Messages.success(t('js.default_card_updated'))
+        Customers.clearAllAllowCharges()
       , (response) ->
         Messages.flash(response.data.flash)
+
+    confirmSetDefault: (card, event) =>
+      if confirm t("js.default_card_voids_auth")
+        @setDefault(card)
+      else
+        event.preventDefault()
+        return false

app/assets/javascripts/darkswarm/services/customer.js.coffee

@@ -1,4 +1,4 @@
-angular.module("Darkswarm").factory 'Customer', ($resource, Messages) ->
+angular.module("Darkswarm").factory 'Customer', ($resource, $injector, Messages) ->
   Customer = $resource('/api/customers/:id/:action.json', {}, {
     'index':
       method: 'GET'
@@ -12,8 +12,21 @@ angular.module("Darkswarm").factory 'Customer', ($resource, Messages) ->
   })
 
   Customer.prototype.update = ->
+    if @allow_charges
+      Messages.loading(t('js.authorising'))
     @$update().then (response) =>
-      Messages.success(t('js.changes_saved'))
+      if response.gateway_recurring_payment_client_secret && $injector.has('stripePublishableKey')
+        Messages.clear()
+        stripe = Stripe($injector.get('stripePublishableKey'), { stripeAccount: response.gateway_shop_id })
+        stripe.confirmCardSetup(response.gateway_recurring_payment_client_secret).then (result) =>
+          if result.error
+            @allow_charges = false
+            @$update(allow_charges: false)
+            Messages.error(result.error.message)
+          else
+            Messages.success(t('js.changes_saved'))
+      else
+        Messages.success(t('js.changes_saved'))
     , (response) =>
       Messages.error(response.data.error)
 

app/assets/javascripts/darkswarm/services/customers.js.coffee

@@ -12,3 +12,7 @@ angular.module("Darkswarm").factory 'Customers', (Customer) ->
       for customer in customers
         @all.push customer
         @byID[customer.id] = customer
+
+    clearAllAllowCharges: () ->
+      for customer in @index()
+        customer.allow_charges = false

app/assets/javascripts/darkswarm/services/tabsets.js.coffee

@@ -7,12 +7,10 @@ Darkswarm.factory 'Tabsets', ->
         @tabsets.push { ctrl: ctrl, id: id, selected: selected }
         ctrl.select(selected) if selected?
 
-    toggle: (id, name, state=null) ->
+    toggle: (id, name) ->
       tabset = @findTabsetByObject(id)
-      if tabset.selected == name
-        @select(tabset, null) unless state == "open"
-      else
-        @select(tabset, name) unless state == "closed"
+      if tabset.selected != name
+        @select(tabset, name)
 
     select: (tabset, name) ->
       tabset.selected = name

app/assets/javascripts/templates/partials/hub_details.html.haml

@@ -14,8 +14,9 @@
             {{'hubs_delivery' | t}}
     .row
       .columns.small-12
-        %a.cta-hub{"ng-href" => "{{::enterprise.path}}", "ng-attr-target" => "{{ embedded_layout ? '_blank' : undefined}}",
+        %a.cta-hub{"ng-href" => "{{::enterprise.path}}#/shop", "ng-attr-target" => "{{ embedded_layout ? '_blank' : undefined}}",
         "ng-class" => "{primary: enterprise.active, secondary: !enterprise.active}",
+        "ng-click" => "$close()",
         "ofn-change-hub" => "enterprise"}
           .hub-name{"ng-bind" => "::enterprise.name"}
           %span{"ng-if" => "::enterprise.active"} ({{'maps_open' | t}})

app/assets/javascripts/templates/partials/producer_details.html.haml

@@ -12,8 +12,9 @@
     .row
       .columns.small-12
         %a.cta-hub{"ng-repeat" => "hub in enterprise.hubs | filter:{id: '!'+enterprise.id} | orderBy:'-active'",
-        "ng-href" => "{{::hub.path}}", "ofn-empties-cart" => "hub",
-        "ng-class" => "::{primary: hub.active, secondary: !hub.active}"}
+        "ng-href" => "{{::hub.path}}#/shop", "ofn-empties-cart" => "hub",
+        "ng-class" => "::{primary: hub.active, secondary: !hub.active}",
+        "ng-click" => "$close()"}
           .hub-name{"ng-bind" => "::hub.name"}
           %span{"ng-if" => "::hub.active"} ({{'maps_open' | t}})
           %span{"ng-if" => "::!hub.active"} ({{'maps_closed' | t}})

app/assets/stylesheets/darkswarm/_shop-navigation.scss

@@ -41,19 +41,21 @@ ordercycle {
 
   .order-cycle-select {
     border: 1px solid $teal-300;
-    display: inline-block;
+    display: flex;
     font-size: 1em;
     border-radius: $radius-small;
+    margin-right: 10px;
+    margin-left: 10px;
 
     .select-label {
       background-color: rgba($teal-300, 0.5);
-      display: inline-block;
+      display: flex;
+      align-items: center;
+      justify-content: center;
       border-radius: $radius-small 0 0 $radius-small;
-      float: left;
       font-size: 1em;
       line-height: 1.3em;
       padding: 0.5em 0.75em;
-      height: 2.35em;
 
       span {
         width: max-content;
@@ -65,6 +67,7 @@ ordercycle {
       background-image: image-url('white-caret.svg');
       background-size: 30px auto;
       background-position-x: 102%;
+      height: 2.35em;
     }
 
     p {
@@ -82,7 +85,6 @@ ordercycle {
       padding: 0.5em 1.25em 0.5em 0.75em;
       font-size: 1em;
       line-height: 1.3em;
-      height: 2.35em;
       min-width: 13em;
       width: 200px;
 

app/assets/stylesheets/darkswarm/_shop-product-rows.scss

@@ -59,6 +59,7 @@
 
         // Variant price
         .variant-price {
+          white-space: nowrap;
           @include breakpoint(phablet) {
             padding-left: 1rem;
           }

app/controllers/admin/bulk_line_items_controller.rb

@@ -1,5 +1,6 @@
 module Admin
   class BulkLineItemsController < Spree::Admin::BaseController
+    include PaginationData
     # GET /admin/bulk_line_items.json
     #
     def index
@@ -12,9 +13,12 @@ module Admin
         ransack(params[:q]).result.
         reorder('spree_line_items.order_id ASC, spree_line_items.id ASC')
 
-      @line_items = @line_items.page(page).per(params[:per_page]) if using_pagination?
+      @line_items = @line_items.page(page).per(params[:per_page]) if pagination_required?
 
-      render json: { line_items: serialized_line_items, pagination: pagination_data }
+      render json: {
+        line_items: serialized_line_items,
+        pagination: pagination_data(@line_items)
+      }
     end
 
     # PUT /admin/bulk_line_items/:id.json
@@ -87,21 +91,6 @@ module Admin
       ::Permissions::Order.new(spree_current_user)
     end
 
-    def using_pagination?
-      params[:per_page]
-    end
-
-    def pagination_data
-      return unless using_pagination?
-
-      {
-        results: @line_items.total_count,
-        pages: @line_items.num_pages,
-        page: page.to_i,
-        per_page: params[:per_page].to_i
-      }
-    end
-
     def page
       params[:page] || 1
     end

app/controllers/admin/column_preferences_controller.rb

@@ -1,5 +1,5 @@
 module Admin
-  class ColumnPreferencesController < ResourceController
+  class ColumnPreferencesController < Admin::ResourceController
     before_action :load_collection, only: [:bulk_update]
 
     respond_to :json

app/controllers/admin/customers_controller.rb

@@ -1,7 +1,7 @@
 require 'open_food_network/address_finder'
 
 module Admin
-  class CustomersController < ResourceController
+  class CustomersController < Admin::ResourceController
     before_action :load_managed_shops, only: :index, if: :html_request?
     respond_to :json
 
@@ -42,7 +42,7 @@ module Admin
       end
     end
 
-    # copy of Spree::Admin::ResourceController without flash notice
+    # copy of Admin::ResourceController without flash notice
     def destroy
       invoke_callbacks(:destroy, :before)
       if @object.destroy
@@ -95,7 +95,7 @@ module Admin
       )
     end
 
-    # Used in ResourceController#update
+    # Used in Admin::ResourceController#update
     def permitted_resource_params
       customer_params
     end

app/controllers/admin/enterprise_fees_controller.rb

@@ -1,5 +1,5 @@
 module Admin
-  class EnterpriseFeesController < ResourceController
+  class EnterpriseFeesController < Admin::ResourceController
     before_action :load_enterprise_fee_set, only: :index
     before_action :load_data
 

app/controllers/admin/enterprise_groups_controller.rb

@@ -1,5 +1,5 @@
 module Admin
-  class EnterpriseGroupsController < ResourceController
+  class EnterpriseGroupsController < Admin::ResourceController
     before_action :load_data, except: :index
     before_action :load_object_data, only: [:new, :edit, :create, :update]
 

app/controllers/admin/enterprise_relationships_controller.rb

@@ -1,5 +1,5 @@
 module Admin
-  class EnterpriseRelationshipsController < ResourceController
+  class EnterpriseRelationshipsController < Admin::ResourceController
     def index
       @my_enterprises = Enterprise.
         includes(:shipping_methods, :payment_methods).

app/controllers/admin/enterprise_roles_controller.rb

@@ -1,5 +1,5 @@
 module Admin
-  class EnterpriseRolesController < ResourceController
+  class EnterpriseRolesController < Admin::ResourceController
     def index
       @enterprise_roles = EnterpriseRole.by_user_email
       @users = Spree::User.order('spree_users.email')

app/controllers/admin/enterprises_controller.rb

@@ -3,7 +3,7 @@ require 'open_food_network/permissions'
 require 'open_food_network/order_cycle_permissions'
 
 module Admin
-  class EnterprisesController < ResourceController
+  class EnterprisesController < Admin::ResourceController
     # These need to run before #load_resource so that @object is initialised with sanitised values
     prepend_before_action :override_owner, only: :create
     prepend_before_action :override_sells, only: :create
@@ -81,14 +81,14 @@ module Admin
     end
 
     def bulk_update
-      @enterprise_set = EnterpriseSet.new(collection, params[:enterprise_set])
+      @enterprise_set = EnterpriseSet.new(collection, bulk_params)
       if @enterprise_set.save
         flash[:success] = I18n.t(:enterprise_bulk_update_success_notice)
 
         redirect_to main_app.admin_enterprises_path
       else
         touched_enterprises = @enterprise_set.collection.select(&:changed?)
-        @enterprise_set.collection.select! { |e| touched_enterprises.include? e }
+        @enterprise_set.collection.to_a.select! { |e| touched_enterprises.include? e }
         flash[:error] = I18n.t(:enterprise_bulk_update_error)
         render :index
       end
@@ -214,7 +214,8 @@ module Admin
           rule = @object.tag_rules.find_by(id: attrs.delete(:id)) ||
                  attrs[:type].constantize.new(enterprise: @object)
           create_calculator_for(rule, attrs) if rule.type == "TagRule::DiscountOrder" && rule.calculator.nil?
-          rule.update(attrs)
+
+          rule.update(attrs.permit(PermittedAttributes::TagRules.attributes))
         end
       end
     end
@@ -319,7 +320,13 @@ module Admin
       PermittedAttributes::Enterprise.new(params).call
     end
 
-    # Used in ResourceController#create
+    def bulk_params
+      params.require(:enterprise_set).permit(
+        collection_attributes: PermittedAttributes::Enterprise.attributes
+      )
+    end
+
+    # Used in Admin::ResourceController#create
     def permitted_resource_params
       enterprise_params
     end

app/controllers/admin/inventory_items_controller.rb

@@ -1,5 +1,5 @@
 module Admin
-  class InventoryItemsController < ResourceController
+  class InventoryItemsController < Admin::ResourceController
     respond_to :json
 
     respond_override update: { json: {

app/controllers/admin/order_cycles_controller.rb

@@ -1,5 +1,5 @@
 module Admin
-  class OrderCyclesController < ResourceController
+  class OrderCyclesController < Admin::ResourceController
     include OrderCyclesHelper
     include PaperTrailLogging
 
@@ -91,7 +91,7 @@ module Admin
 
     # Send notifications to all producers who are part of the order cycle
     def notify_producers
-      Delayed::Job.enqueue OrderCycleNotificationJob.new(params[:id].to_i)
+      OrderCycleNotificationJob.perform_later params[:id].to_i
 
       redirect_to main_app.admin_order_cycles_path,
                   notice: I18n.t(:order_cycles_email_to_producers_notice)

app/controllers/admin/producer_properties_controller.rb

@@ -1,5 +1,5 @@
 module Admin
-  class ProducerPropertiesController < ResourceController
+  class ProducerPropertiesController < Admin::ResourceController
     before_action :load_enterprise
     before_action :load_properties
     before_action :setup_property, only: [:index]

app/controllers/admin/proxy_orders_controller.rb

@@ -1,5 +1,5 @@
 module Admin
-  class ProxyOrdersController < ResourceController
+  class ProxyOrdersController < Admin::ResourceController
     respond_to :json
 
     def edit

app/controllers/admin/resource_controller.rb

@@ -1,41 +1,303 @@
+require 'action_callbacks'
+
 module Admin
-  class ResourceController < Spree::Admin::ResourceController
+  class ResourceController < Spree::Admin::BaseController
+    helper_method :new_object_url, :edit_object_url, :object_url, :collection_url
+    before_action :load_resource, except: [:update_positions]
+    rescue_from ActiveRecord::RecordNotFound, with: :resource_not_found
+    rescue_from CanCan::AccessDenied, with: :unauthorized
+
+    respond_to :html
+    respond_to :js, except: [:show, :index]
+
+    def new
+      invoke_callbacks(:new_action, :before)
+      respond_with(@object) do |format|
+        format.html { render layout: !request.xhr? }
+        format.js   { render layout: false }
+      end
+    end
+
+    def edit
+      respond_with(@object) do |format|
+        format.html { render layout: !request.xhr? }
+        format.js   { render layout: false }
+      end
+    end
+
+    def update
+      invoke_callbacks(:update, :before)
+      if @object.update(permitted_resource_params)
+        invoke_callbacks(:update, :after)
+        flash[:success] = flash_message_for(@object, :successfully_updated)
+        respond_with(@object) do |format|
+          format.html { redirect_to location_after_save }
+          format.js   { render layout: false }
+        end
+      else
+        invoke_callbacks(:update, :fails)
+        respond_with(@object)
+      end
+    end
+
+    def create
+      invoke_callbacks(:create, :before)
+      @object.attributes = permitted_resource_params
+      if @object.save
+        invoke_callbacks(:create, :after)
+        flash[:success] = flash_message_for(@object, :successfully_created)
+        respond_with(@object) do |format|
+          format.html { redirect_to location_after_save }
+          format.js   { render layout: false }
+        end
+      else
+        invoke_callbacks(:create, :fails)
+        respond_with(@object)
+      end
+    end
+
+    def update_positions
+      params[:positions].each do |id, index|
+        model_class.where(id: id).update_all(position: index)
+      end
+
+      respond_to do |format|
+        format.js { render text: 'Ok' }
+      end
+    end
+
+    def destroy
+      invoke_callbacks(:destroy, :before)
+      if @object.destroy
+        invoke_callbacks(:destroy, :after)
+        flash[:success] = flash_message_for(@object, :successfully_removed)
+        respond_with(@object) do |format|
+          format.html { redirect_to collection_url }
+          format.js   { render partial: "spree/admin/shared/destroy" }
+        end
+      else
+        invoke_callbacks(:destroy, :fails)
+        respond_with(@object) do |format|
+          format.html { redirect_to collection_url }
+        end
+      end
+    end
+
+    protected
+
+    def resource_not_found
+      flash[:error] = flash_message_for(model_class.new, :not_found)
+      redirect_to collection_url
+    end
+
+    class << self
+      attr_accessor :parent_data
+      attr_accessor :callbacks
+
+      def belongs_to(model_name, options = {})
+        @parent_data ||= {}
+        @parent_data[:model_name] = model_name
+        @parent_data[:model_class] = model_name.to_s.classify.constantize
+        @parent_data[:find_by] = options[:find_by] || :id
+      end
+
+      def new_action
+        @callbacks ||= {}
+        @callbacks[:new_action] ||= ActionCallbacks.new
+      end
+
+      def create
+        @callbacks ||= {}
+        @callbacks[:create] ||= ActionCallbacks.new
+      end
+
+      def update
+        @callbacks ||= {}
+        @callbacks[:update] ||= ActionCallbacks.new
+      end
+
+      def destroy
+        @callbacks ||= {}
+        @callbacks[:destroy] ||= ActionCallbacks.new
+      end
+    end
+
     def model_class
-      controller_name.classify.to_s.constantize
+      controller_class_name.constantize
+    end
+
+    def model_name
+      parent_data[:model_name].gsub('spree/', '')
+    end
+
+    def object_name
+      controller_name.singularize
+    end
+
+    def load_resource
+      if member_action?
+        @object ||= load_resource_instance
+
+        # call authorize! a third time (called twice already in Admin::BaseController)
+        # this time we pass the actual instance so fine-grained abilities can control
+        # access to individual records, not just entire models.
+        authorize! action, @object
+
+        instance_variable_set("@#{object_name}", @object)
+
+        # If we don't have access, clear the object
+        unless can? action, @object
+          instance_variable_set("@#{object_name}", nil)
+        end
+
+        authorize! action, @object
+      else
+        @collection ||= collection
+
+        # note: we don't call authorize here as the collection method should use
+        # CanCan's accessible_by method to restrict the actual records returned
+
+        instance_variable_set("@#{controller_name}", @collection)
+      end
+    end
+
+    def load_resource_instance
+      if new_actions.include?(action)
+        build_resource
+      elsif params[:id]
+        find_resource
+      end
+    end
+
+    def parent_data
+      self.class.parent_data
+    end
+
+    def parent
+      return nil if parent_data.blank?
+
+      @parent ||= parent_data[:model_class].
+        public_send("find_by", parent_data[:find_by] => params["#{model_name}_id"])
+      instance_variable_set("@#{model_name}", @parent)
+    end
+
+    def find_resource
+      if parent_data.present?
+        parent.public_send(controller_name).find(params[:id])
+      else
+        model_class.find(params[:id])
+      end
+    end
+
+    def build_resource
+      if parent_data.present?
+        parent.public_send(controller_name).build
+      else
+        model_class.new
+      end
+    end
+
+    def collection
+      return parent.public_send(controller_name) if parent_data.present?
+
+      if model_class.respond_to?(:accessible_by) &&
+         !current_ability.has_block?(params[:action], model_class)
+        model_class.accessible_by(current_ability, action)
+      else
+        model_class.scoped
+      end
+    end
+
+    def location_after_save
+      collection_url
+    end
+
+    def invoke_callbacks(action, callback_type)
+      callbacks = self.class.callbacks || {}
+      return if callbacks[action].nil?
+
+      case callback_type.to_sym
+      when :before then callbacks[action].before_methods.each { |method| __send__ method }
+      when :after  then callbacks[action].after_methods.each  { |method| __send__ method }
+      when :fails  then callbacks[action].fails_methods.each  { |method| __send__ method }
+      end
     end
 
     # URL helpers
     def new_object_url(options = {})
       if parent_data.present?
-        main_app.new_polymorphic_url([:admin, parent, model_class], options)
+        url_helper.new_polymorphic_url([:admin, parent, model_class], options)
       else
-        main_app.new_polymorphic_url([:admin, model_class], options)
+        url_helper.new_polymorphic_url([:admin, model_class], options)
       end
     end
 
     def edit_object_url(object, options = {})
       if parent_data.present?
-        main_app.public_send "edit_admin_#{model_name}_#{object_name}_url", parent, object, options
+        url_helper.public_send "edit_admin_#{model_name}_#{object_name}_url",
+                               parent, object, options
       else
-        main_app.public_send "edit_admin_#{object_name}_url", object, options
+        url_helper.public_send "edit_admin_#{object_name}_url",
+                               object, options
       end
     end
 
     def object_url(object = nil, options = {})
       target = object || @object
       if parent_data.present?
-        main_app.public_send "admin_#{model_name}_#{object_name}_url", parent, target, options
+        url_helper.public_send "admin_#{model_name}_#{object_name}_url", parent, target, options
       else
-        main_app.public_send "admin_#{object_name}_url", target, options
+        url_helper.public_send "admin_#{object_name}_url", target, options
       end
     end
 
+    # Permit specific list of params
+    #
+    # Example: params.require(object_name).permit(:name)
+    def permitted_resource_params
+      raise "All extending controllers need to override the method permitted_resource_params"
+    end
+
     def collection_url(options = {})
       if parent_data.present?
-        main_app.polymorphic_url([:admin, parent, model_class], options)
+        url_helper.polymorphic_url([:admin, parent, model_class], options)
       else
-        main_app.polymorphic_url([:admin, model_class], options)
+        url_helper.polymorphic_url([:admin, model_class], options)
       end
     end
+
+    def collection_actions
+      [:index]
+    end
+
+    def member_action?
+      !collection_actions.include? action
+    end
+
+    def new_actions
+      [:new, :create]
+    end
+
+    private
+
+    def controller_class_name
+      if spree_controller?
+        "Spree::#{controller_name.classify}"
+      else
+        controller_name.classify.to_s
+      end
+    end
+
+    def url_helper
+      if spree_controller?
+        spree
+      else
+        main_app
+      end
+    end
+
+    def spree_controller?
+      controller_path.starts_with? "spree"
+    end
   end
 end

app/controllers/admin/schedules_controller.rb

@@ -2,7 +2,7 @@ require 'open_food_network/permissions'
 require 'order_management/subscriptions/proxy_order_syncer'
 
 module Admin
-  class SchedulesController < ResourceController
+  class SchedulesController < Admin::ResourceController
     include PaperTrailLogging
 
     before_action :adapt_params, only: [:update]

app/controllers/admin/subscription_line_items_controller.rb

@@ -3,7 +3,7 @@ require 'open_food_network/order_cycle_permissions'
 require 'open_food_network/scope_variant_to_hub'
 
 module Admin
-  class SubscriptionLineItemsController < ResourceController
+  class SubscriptionLineItemsController < Admin::ResourceController
     before_action :load_build_context, only: [:build]
     before_action :ensure_shop, only: [:build]
     before_action :ensure_variant, only: [:build]

app/controllers/admin/subscriptions_controller.rb

@@ -1,7 +1,7 @@
 require 'open_food_network/permissions'
 
 module Admin
-  class SubscriptionsController < ResourceController
+  class SubscriptionsController < Admin::ResourceController
     before_action :load_shops, only: [:index]
     before_action :load_form_data, only: [:new, :edit]
     before_action :strip_banned_attrs, only: [:update]

app/controllers/admin/tag_rules_controller.rb

@@ -1,5 +1,5 @@
 module Admin
-  class TagRulesController < ResourceController
+  class TagRulesController < Admin::ResourceController
     respond_to :json
 
     respond_override destroy: { json: {

app/controllers/admin/variant_overrides_controller.rb

@@ -1,7 +1,7 @@
 require 'open_food_network/spree_api_key_loader'
 
 module Admin
-  class VariantOverridesController < ResourceController
+  class VariantOverridesController < Admin::ResourceController
     include OpenFoodNetwork::SpreeApiKeyLoader
     include EnterprisesHelper
 

app/controllers/api/base_controller.rb

@@ -5,17 +5,16 @@ require "spree/core/controller_helpers/ssl"
 module Api
   class BaseController < ActionController::Metal
     include ActionController::StrongParameters
+    include ActionController::RespondWith
     include Spree::Api::ControllerSetup
     include Spree::Core::ControllerHelpers::SSL
     include ::ActionController::Head
-
-    respond_to :json
+    include ::ActionController::ConditionalGet
 
     attr_accessor :current_api_user
 
     before_action :set_content_type
     before_action :authenticate_user
-    after_action  :set_jsonp_format
 
     rescue_from Exception, with: :error_during_processing
     rescue_from CanCan::AccessDenied, with: :unauthorized
@@ -34,13 +33,6 @@ module Api
     use_renderers :json
     check_authorization
 
-    def set_jsonp_format
-      return unless params[:callback] && request.get?
-
-      self.response_body = "#{params[:callback]}(#{response_body})"
-      headers["Content-Type"] = 'application/javascript'
-    end
-
     def respond_with_conflict(json_hash)
       render json: json_hash, status: :conflict
     end
@@ -63,17 +55,13 @@ module Api
     end
 
     def set_content_type
-      content_type = case params[:format]
-                     when "json"
-                       "application/json"
-                     when "xml"
-                       "text/xml"
-                     end
-      headers["Content-Type"] = content_type
+      headers["Content-Type"] = "application/json"
     end
 
     def error_during_processing(exception)
-      render(text: { exception: exception.message }.to_json,
+      Bugsnag.notify(exception)
+
+      render(json: { exception: exception.message },
              status: :unprocessable_entity) && return
     end
 

app/controllers/api/customers_controller.rb

@@ -11,13 +11,25 @@ module Api
       @customer = Customer.find(params[:id])
       authorize! :update, @customer
 
+      client_secret = RecurringPayments.setup_for(@customer) if params[:customer][:allow_charges]
+
       if @customer.update(customer_params)
+        add_recurring_payment_info(client_secret)
         render json: @customer, serializer: CustomerSerializer, status: :ok
       else
         invalid_resource!(@customer)
       end
     end
 
+    private
+
+    def add_recurring_payment_info(client_secret)
+      return unless client_secret
+
+      @customer.gateway_recurring_payment_client_secret = client_secret
+      @customer.gateway_shop_id = @customer.enterprise.stripe_account&.stripe_user_id
+    end
+
     def customer_params
       params.require(:customer).permit(:code, :email, :enterprise_id, :allow_charges)
     end

app/controllers/api/enterprises_controller.rb

@@ -15,7 +15,7 @@ module Api
       @enterprise = Enterprise.new(enterprise_params)
       if @enterprise.save
         @enterprise.user_ids = user_ids
-        render text: @enterprise.id, status: :created
+        render json: @enterprise.id, status: :created
       else
         invalid_resource!(@enterprise)
       end
@@ -26,7 +26,7 @@ module Api
       authorize! :update, @enterprise
 
       if @enterprise.update(enterprise_params)
-        render text: @enterprise.id, status: :ok
+        render json: @enterprise.id, status: :ok
       else
         invalid_resource!(@enterprise)
       end

app/controllers/api/exchange_products_controller.rb

@@ -5,6 +5,7 @@
 # Pagination is optional and can be required by using param[:page]
 module Api
   class ExchangeProductsController < Api::BaseController
+    include PaginationData
     DEFAULT_PER_PAGE = 100
 
     skip_authorization_check only: [:index]
@@ -77,29 +78,16 @@ module Api
     end
 
     def render_paginated_products(paginated_products)
-      serializer = ActiveModel::ArraySerializer.new(
+      serialized_products = ActiveModel::ArraySerializer.new(
         paginated_products,
         each_serializer: Api::Admin::ForOrderCycle::SuppliedProductSerializer,
         order_cycle: @order_cycle
       )
 
-      result = { products: serializer }
-      result = result.merge(pagination: pagination_data(paginated_products)) if pagination_required?
-
-      render text: result.to_json
-    end
-
-    def pagination_data(paginated_products)
-      {
-        results: paginated_products.total_count,
-        pages: paginated_products.num_pages,
-        page: params[:page].to_i,
-        per_page: (params[:per_page] || DEFAULT_PER_PAGE).to_i
+      render json: {
+        products: serialized_products,
+        pagination: pagination_data(paginated_products)
       }
     end
-
-    def pagination_required?
-      params[:page].present?
-    end
   end
 end

app/controllers/api/order_cycles_controller.rb

@@ -20,7 +20,7 @@ module Api
         search_params
       ).products_json
 
-      render json: products
+      render plain: products, content_type: "application/json"
     rescue ProductsRenderer::NoProducts
       render_no_products
     end
@@ -31,13 +31,15 @@ module Api
         where(spree_products: { id: distributed_products }).
         select('DISTINCT spree_taxons.*')
 
-      render json: ActiveModel::ArraySerializer.new(taxons, each_serializer: Api::TaxonSerializer)
+      render plain: ActiveModel::ArraySerializer.new(
+        taxons, each_serializer: Api::TaxonSerializer
+      ).to_json, content_type: "application/json"
     end
 
     def properties
-      render json: ActiveModel::ArraySerializer.new(
+      render plain: ActiveModel::ArraySerializer.new(
         product_properties | producer_properties, each_serializer: Api::PropertySerializer
-      )
+      ).to_json, content_type: "application/json"
     end
 
     private

app/controllers/api/orders_controller.rb

@@ -1,5 +1,7 @@
 module Api
   class OrdersController < Api::BaseController
+    include PaginationData
+
     def show
       authorize! :read, order
       render json: order, serializer: Api::OrderDetailedSerializer, current_order: order
@@ -8,11 +10,11 @@ module Api
     def index
       authorize! :admin, Spree::Order
 
-      search_results = SearchOrders.new(params, current_api_user)
+      orders = SearchOrders.new(params, current_api_user).orders
 
       render json: {
-        orders: serialized_orders(search_results.orders),
-        pagination: search_results.pagination_data
+        orders: serialized_orders(orders),
+        pagination: pagination_data(orders)
       }
     end
 

app/controllers/api/products_controller.rb

@@ -3,8 +3,8 @@ require 'spree/core/product_duplicator'
 
 module Api
   class ProductsController < Api::BaseController
+    include PaginationData
     respond_to :json
-    DEFAULT_PAGE = 1
     DEFAULT_PER_PAGE = 15
 
     skip_authorization_check only: [:show, :bulk_products, :overridable]
@@ -63,7 +63,7 @@ module Api
       @products = product_query.
         ransack(query_params_with_defaults).
         result.
-        page(params[:page] || DEFAULT_PAGE).
+        page(params[:page] || 1).
         per(params[:per_page] || DEFAULT_PER_PAGE)
 
       render_paged_products @products
@@ -130,31 +130,19 @@ module Api
     end
 
     def render_paged_products(products, product_serializer = ::Api::Admin::ProductSerializer)
-      serializer = ActiveModel::ArraySerializer.new(
+      serialized_products = ActiveModel::ArraySerializer.new(
         products,
         each_serializer: product_serializer
       )
 
-      render text: {
-        products: serializer,
-        # This line is used by the PagedFetcher JS service (inventory).
-        pages: products.num_pages,
-        # This hash is used by the BulkProducts JS service.
+      render json: {
+        products: serialized_products,
         pagination: pagination_data(products)
-      }.to_json
+      }
     end
 
     def query_params_with_defaults
-      params[:q].to_h.reverse_merge(s: 'created_at desc')
-    end
-
-    def pagination_data(results)
-      {
-        results: results.total_count,
-        pages: results.num_pages,
-        page: (params[:page] || DEFAULT_PAGE).to_i,
-        per_page: (params[:per_page] || DEFAULT_PER_PAGE).to_i
-      }
+      (params[:q] || {}).reverse_merge(s: 'created_at desc')
     end
 
     def product_params

app/controllers/application_controller.rb

@@ -1,7 +1,13 @@
+# frozen_string_literal: true
+
+require "application_responder"
 require 'open_food_network/referer_parser'
 require_dependency 'spree/authentication_helpers'
 
 class ApplicationController < ActionController::Base
+  self.responder = ApplicationResponder
+  respond_to :html
+
   protect_from_forgery
 
   prepend_before_action :restrict_iframes
@@ -10,6 +16,12 @@ class ApplicationController < ActionController::Base
   include EnterprisesHelper
   include Spree::AuthenticationHelpers
 
+  # Helper for debugging strong_parameters
+  rescue_from ActiveModel::ForbiddenAttributesError, with: :print_params
+  def print_params
+    raise ActiveModel::ForbiddenAttributesError, params.to_s
+  end
+
   def redirect_to(options = {}, response_status = {})
     ::Rails.logger.error("Redirected by #{begin
                                             caller(1).first

app/controllers/cart_controller.rb

@@ -1,5 +1,3 @@
-require 'spree/core/controller_helpers/order'
-
 class CartController < BaseController
   before_action :check_authorization
 
@@ -13,7 +11,8 @@ class CartController < BaseController
     Spree::Adjustment.without_callbacks do
       cart_service = CartService.new(order)
 
-      if cart_service.populate(params.slice(:products, :variants, :quantity), true)
+      cart_service.populate(params.slice(:products, :variants, :quantity), true)
+      if cart_service.valid?
         order.update_distribution_charge!
         order.cap_quantity_at_stock!
         order.update!
@@ -24,7 +23,8 @@ class CartController < BaseController
                        stock_levels: VariantsStockLevels.new.call(order, variant_ids) },
                status: :ok
       else
-        render json: { error: true }, status: :precondition_failed
+        render json: { error: cart_service.errors.full_messages.join(",") },
+               status: :precondition_failed
       end
     end
     populate_variant_attributes

app/controllers/checkout_controller.rb

@@ -5,6 +5,7 @@ require 'open_food_network/address_finder'
 class CheckoutController < Spree::StoreController
   layout 'darkswarm'
 
+  include OrderStockCheck
   include CheckoutHelper
   include OrderCyclesHelper
   include EnterprisesHelper
@@ -24,7 +25,7 @@ class CheckoutController < Spree::StoreController
 
   before_action :ensure_order_not_completed
   before_action :ensure_checkout_allowed
-  before_action :ensure_sufficient_stock_lines
+  before_action :handle_insufficient_stock
 
   before_action :associate_user
   before_action :check_authorization
@@ -77,13 +78,6 @@ class CheckoutController < Spree::StoreController
     redirect_to main_app.cart_path if @order.completed?
   end
 
-  def ensure_sufficient_stock_lines
-    if @order.insufficient_stock_lines.present?
-      flash[:error] = Spree.t(:inventory_error_flash_for_insufficient_quantity)
-      redirect_to main_app.cart_path
-    end
-  end
-
   def load_order
     @order = current_order
 

app/controllers/concerns/order_stock_check.rb

@@ -0,0 +1,18 @@
+# frozen_string_literal: true
+
+module OrderStockCheck
+  extend ActiveSupport::Concern
+
+  def handle_insufficient_stock
+    return if sufficient_stock?
+
+    flash[:error] = Spree.t(:inventory_error_flash_for_insufficient_quantity)
+    redirect_to main_app.cart_path
+  end
+
+  private
+
+  def sufficient_stock?
+    @sufficient_stock ||= @order.insufficient_stock_lines.blank?
+  end
+end

app/controllers/concerns/pagination_data.rb

@@ -0,0 +1,26 @@
+# frozen_string_literal: true
+
+module PaginationData
+  extend ActiveSupport::Concern
+
+  def pagination_data(objects)
+    return unless objects.respond_to? :total_count
+
+    {
+      results: objects.total_count,
+      pages: objects.total_pages,
+      page: (params[:page] || 1).to_i,
+      per_page: (params[:per_page] || default_per_page).to_i
+    }
+  end
+
+  def pagination_required?
+    params[:page].present? || params[:per_page].present?
+  end
+
+  def default_per_page
+    return unless defined? self.class::DEFAULT_PER_PAGE
+
+    self.class::DEFAULT_PER_PAGE
+  end
+end

app/controllers/enterprises_controller.rb

@@ -6,6 +6,8 @@ class EnterprisesController < BaseController
   include OrderCyclesHelper
   include SerializerHelper
 
+  protect_from_forgery except: :check_permalink
+
   # These prepended filters are in the reverse order of execution
   prepend_before_action :set_order_cycles, :require_distributor_chosen, :reset_order, only: :shop
 

app/controllers/spree/admin/adjustments_controller.rb

@@ -1,6 +1,6 @@
 module Spree
   module Admin
-    class AdjustmentsController < ResourceController
+    class AdjustmentsController < ::Admin::ResourceController
       belongs_to 'spree/order', find_by: :number
       destroy.after :reload_order
 

app/controllers/spree/admin/countries_controller.rb

@@ -1,6 +1,6 @@
 module Spree
   module Admin
-    class CountriesController < ResourceController
+    class CountriesController < ::Admin::ResourceController
       protected
 
       def permitted_resource_params

app/controllers/spree/admin/images_controller.rb

@@ -1,6 +1,6 @@
 module Spree
   module Admin
-    class ImagesController < ResourceController
+    class ImagesController < ::Admin::ResourceController
       # This will make resource controller redirect correctly after deleting product images.
       # This can be removed after upgrading to Spree 2.1.
       # See here https://github.com/spree/spree/commit/334a011d2b8e16355e4ae77ae07cd93f7cbc8fd1

app/controllers/spree/admin/orders_controller.rb

@@ -43,7 +43,7 @@ module Spree
       end
 
       def update
-        unless @order.update(order_params) && @order.line_items.present?
+        unless order_params.present? && @order.update(order_params) && @order.line_items.present?
           if @order.line_items.empty?
             @order.errors.add(:line_items, Spree.t('errors.messages.blank'))
           end

app/controllers/spree/admin/payment_methods_controller.rb

@@ -1,6 +1,6 @@
 module Spree
   module Admin
-    class PaymentMethodsController < ResourceController
+    class PaymentMethodsController < ::Admin::ResourceController
       skip_before_action :load_resource, only: [:create, :show_provider_preferences]
       before_action :load_data
       before_action :validate_payment_method_provider, only: [:create]
@@ -51,7 +51,7 @@ module Spree
       end
 
       # Only show payment methods that user has access to and sort by distributor name
-      # ! Redundant code copied from Spree::Admin::ResourceController with modifications marked
+      # ! Redundant code copied from Admin::ResourceController with modifications marked
       def collection
         return parent.public_send(controller_name) if parent_data.present?
 

app/controllers/spree/admin/payments_controller.rb

@@ -135,7 +135,9 @@ module Spree
         return unless @payment.payment_method.class == Spree::Gateway::StripeSCA
 
         @payment.authorize!
-        raise Spree::Core::GatewayError, I18n.t('authorization_failure') unless @payment.pending?
+        return if @payment.pending? && @payment.cvv_response_message.nil?
+
+        raise Spree::Core::GatewayError, I18n.t('authorization_failure')
       end
     end
   end

app/controllers/spree/admin/product_properties_controller.rb

@@ -1,6 +1,6 @@
 module Spree
   module Admin
-    class ProductPropertiesController < ResourceController
+    class ProductPropertiesController < ::Admin::ResourceController
       belongs_to 'spree/product', find_by: :permalink
       before_action :find_properties
       before_action :setup_property, only: [:index]

app/controllers/spree/admin/products_controller.rb

@@ -4,7 +4,7 @@ require 'open_food_network/permissions'
 
 module Spree
   module Admin
-    class ProductsController < ResourceController
+    class ProductsController < ::Admin::ResourceController
       helper 'spree/products'
       include OpenFoodNetwork::SpreeApiKeyLoader
       include OrderCyclesHelper
@@ -179,7 +179,7 @@ module Spree
       end
 
       def bulk_index_query(params)
-        params[:filters].to_h.merge(page: params[:page], per_page: params[:per_page])
+        (params[:filters] || {}).merge(page: params[:page], per_page: params[:per_page])
       end
 
       def load_form_data

app/controllers/spree/admin/properties_controller.rb

@@ -1,6 +1,6 @@
 module Spree
   module Admin
-    class PropertiesController < ResourceController
+    class PropertiesController < ::Admin::ResourceController
       def permitted_resource_params
         params.require(:property).permit(:name, :presentation)
       end

app/controllers/spree/admin/resource_controller.rb

@@ -1,282 +0,0 @@
-require 'action_callbacks'
-
-module Spree
-  module Admin
-    class ResourceController < Spree::Admin::BaseController
-      helper_method :new_object_url, :edit_object_url, :object_url, :collection_url
-      before_action :load_resource, except: [:update_positions]
-      rescue_from ActiveRecord::RecordNotFound, with: :resource_not_found
-      rescue_from CanCan::AccessDenied, with: :unauthorized
-
-      respond_to :html
-      respond_to :js, except: [:show, :index]
-
-      def new
-        invoke_callbacks(:new_action, :before)
-        respond_with(@object) do |format|
-          format.html { render layout: !request.xhr? }
-          format.js   { render layout: false }
-        end
-      end
-
-      def edit
-        respond_with(@object) do |format|
-          format.html { render layout: !request.xhr? }
-          format.js   { render layout: false }
-        end
-      end
-
-      def update
-        invoke_callbacks(:update, :before)
-        if @object.update(permitted_resource_params)
-          invoke_callbacks(:update, :after)
-          flash[:success] = flash_message_for(@object, :successfully_updated)
-          respond_with(@object) do |format|
-            format.html { redirect_to location_after_save }
-            format.js   { render layout: false }
-          end
-        else
-          invoke_callbacks(:update, :fails)
-          respond_with(@object)
-        end
-      end
-
-      def create
-        invoke_callbacks(:create, :before)
-        @object.attributes = permitted_resource_params
-        if @object.save
-          invoke_callbacks(:create, :after)
-          flash[:success] = flash_message_for(@object, :successfully_created)
-          respond_with(@object) do |format|
-            format.html { redirect_to location_after_save }
-            format.js   { render layout: false }
-          end
-        else
-          invoke_callbacks(:create, :fails)
-          respond_with(@object)
-        end
-      end
-
-      def update_positions
-        params[:positions].each do |id, index|
-          model_class.where(id: id).update_all(position: index)
-        end
-
-        respond_to do |format|
-          format.js { render text: 'Ok' }
-        end
-      end
-
-      def destroy
-        invoke_callbacks(:destroy, :before)
-        if @object.destroy
-          invoke_callbacks(:destroy, :after)
-          flash[:success] = flash_message_for(@object, :successfully_removed)
-          respond_with(@object) do |format|
-            format.html { redirect_to collection_url }
-            format.js   { render partial: "spree/admin/shared/destroy" }
-          end
-        else
-          invoke_callbacks(:destroy, :fails)
-          respond_with(@object) do |format|
-            format.html { redirect_to collection_url }
-          end
-        end
-      end
-
-      protected
-
-      def resource_not_found
-        flash[:error] = flash_message_for(model_class.new, :not_found)
-        redirect_to collection_url
-      end
-
-      class << self
-        attr_accessor :parent_data
-        attr_accessor :callbacks
-
-        def belongs_to(model_name, options = {})
-          @parent_data ||= {}
-          @parent_data[:model_name] = model_name
-          @parent_data[:model_class] = model_name.to_s.classify.constantize
-          @parent_data[:find_by] = options[:find_by] || :id
-        end
-
-        def new_action
-          @callbacks ||= {}
-          @callbacks[:new_action] ||= ActionCallbacks.new
-        end
-
-        def create
-          @callbacks ||= {}
-          @callbacks[:create] ||= ActionCallbacks.new
-        end
-
-        def update
-          @callbacks ||= {}
-          @callbacks[:update] ||= ActionCallbacks.new
-        end
-
-        def destroy
-          @callbacks ||= {}
-          @callbacks[:destroy] ||= ActionCallbacks.new
-        end
-      end
-
-      def model_class
-        "Spree::#{controller_name.classify}".constantize
-      end
-
-      def model_name
-        parent_data[:model_name].gsub('spree/', '')
-      end
-
-      def object_name
-        controller_name.singularize
-      end
-
-      def load_resource
-        if member_action?
-          @object ||= load_resource_instance
-
-          # call authorize! a third time (called twice already in Admin::BaseController)
-          # this time we pass the actual instance so fine-grained abilities can control
-          # access to individual records, not just entire models.
-          authorize! action, @object
-
-          instance_variable_set("@#{object_name}", @object)
-
-          # If we don't have access, clear the object
-          unless can? action, @object
-            instance_variable_set("@#{object_name}", nil)
-          end
-
-          authorize! action, @object
-        else
-          @collection ||= collection
-
-          # note: we don't call authorize here as the collection method should use
-          # CanCan's accessible_by method to restrict the actual records returned
-
-          instance_variable_set("@#{controller_name}", @collection)
-        end
-      end
-
-      def load_resource_instance
-        if new_actions.include?(action)
-          build_resource
-        elsif params[:id]
-          find_resource
-        end
-      end
-
-      def parent_data
-        self.class.parent_data
-      end
-
-      def parent
-        return nil if parent_data.blank?
-
-        @parent ||= parent_data[:model_class].
-          public_send("find_by", parent_data[:find_by] => params["#{model_name}_id"])
-        instance_variable_set("@#{model_name}", @parent)
-      end
-
-      def find_resource
-        if parent_data.present?
-          parent.public_send(controller_name).find(params[:id])
-        else
-          model_class.find(params[:id])
-        end
-      end
-
-      def build_resource
-        if parent_data.present?
-          parent.public_send(controller_name).build
-        else
-          model_class.new
-        end
-      end
-
-      def collection
-        return parent.public_send(controller_name) if parent_data.present?
-
-        if model_class.respond_to?(:accessible_by) &&
-           !current_ability.has_block?(params[:action], model_class)
-          model_class.accessible_by(current_ability, action)
-        else
-          model_class.scoped
-        end
-      end
-
-      def location_after_save
-        collection_url
-      end
-
-      def invoke_callbacks(action, callback_type)
-        callbacks = self.class.callbacks || {}
-        return if callbacks[action].nil?
-
-        case callback_type.to_sym
-        when :before then callbacks[action].before_methods.each { |method| __send__ method }
-        when :after  then callbacks[action].after_methods.each  { |method| __send__ method }
-        when :fails  then callbacks[action].fails_methods.each  { |method| __send__ method }
-        end
-      end
-
-      # URL helpers
-
-      def new_object_url(options = {})
-        if parent_data.present?
-          spree.new_polymorphic_url([:admin, parent, model_class], options)
-        else
-          spree.new_polymorphic_url([:admin, model_class], options)
-        end
-      end
-
-      def edit_object_url(object, options = {})
-        if parent_data.present?
-          spree.public_send "edit_admin_#{model_name}_#{object_name}_url", parent, object, options
-        else
-          spree.public_send "edit_admin_#{object_name}_url", object, options
-        end
-      end
-
-      def object_url(object = nil, options = {})
-        target = object || @object
-        if parent_data.present?
-          spree.public_send "admin_#{model_name}_#{object_name}_url", parent, target, options
-        else
-          spree.public_send "admin_#{object_name}_url", target, options
-        end
-      end
-
-      # Permit specific list of params
-      #
-      # Example: params.require(object_name).permit(:name)
-      def permitted_resource_params
-        raise "All extending controllers need to override the method permitted_resource_params"
-      end
-
-      def collection_url(options = {})
-        if parent_data.present?
-          spree.polymorphic_url([:admin, parent, model_class], options)
-        else
-          spree.polymorphic_url([:admin, model_class], options)
-        end
-      end
-
-      def collection_actions
-        [:index]
-      end
-
-      def member_action?
-        !collection_actions.include? action
-      end
-
-      def new_actions
-        [:new, :create]
-      end
-    end
-  end
-end

app/controllers/spree/admin/return_authorizations_controller.rb

@@ -1,6 +1,6 @@
 module Spree
   module Admin
-    class ReturnAuthorizationsController < ResourceController
+    class ReturnAuthorizationsController < ::Admin::ResourceController
       belongs_to 'spree/order', find_by: :number
 
       update.after :associate_inventory_units

app/controllers/spree/admin/shipping_categories_controller.rb

@@ -1,6 +1,6 @@
 module Spree
   module Admin
-    class ShippingCategoriesController < ResourceController
+    class ShippingCategoriesController < ::Admin::ResourceController
       protected
 
       def permitted_resource_params

app/controllers/spree/admin/shipping_methods_controller.rb

@@ -1,6 +1,6 @@
 module Spree
   module Admin
-    class ShippingMethodsController < ResourceController
+    class ShippingMethodsController < ::Admin::ResourceController
       before_action :load_data, except: [:index]
       before_action :set_shipping_category, only: [:create, :update]
       before_action :set_zones, only: [:create, :update]

app/controllers/spree/admin/states_controller.rb

@@ -1,6 +1,6 @@
 module Spree
   module Admin
-    class StatesController < ResourceController
+    class StatesController < ::Admin::ResourceController
       belongs_to 'spree/country'
       before_action :load_data
 

app/controllers/spree/admin/tax_categories_controller.rb

@@ -1,6 +1,6 @@
 module Spree
   module Admin
-    class TaxCategoriesController < ResourceController
+    class TaxCategoriesController < ::Admin::ResourceController
       def destroy
         if @object.destroy
           flash[:success] = flash_message_for(@object, :successfully_removed)

app/controllers/spree/admin/tax_rates_controller.rb

@@ -1,6 +1,6 @@
 module Spree
   module Admin
-    class TaxRatesController < ResourceController
+    class TaxRatesController < ::Admin::ResourceController
       before_action :load_data
 
       private

app/controllers/spree/admin/taxonomies_controller.rb

@@ -1,6 +1,6 @@
 module Spree
   module Admin
-    class TaxonomiesController < ResourceController
+    class TaxonomiesController < ::Admin::ResourceController
       respond_to :json, only: [:get_children]
 
       def get_children

app/controllers/spree/admin/users_controller.rb

@@ -1,6 +1,6 @@
 module Spree
   module Admin
-    class UsersController < ResourceController
+    class UsersController < ::Admin::ResourceController
       rescue_from Spree::User::DestroyWithOrdersError, with: :user_destroy_with_orders_error
 
       after_action :sign_in_if_change_own_password, only: :update
@@ -100,7 +100,7 @@ module Spree
 
       private
 
-      # handling raise from Spree::Admin::ResourceController#destroy
+      # handling raise from Admin::ResourceController#destroy
       def user_destroy_with_orders_error
         invoke_callbacks(:destroy, :fails)
         render status: :forbidden, text: Spree.t(:error_user_destroy_with_orders)

app/controllers/spree/admin/variants_controller.rb

@@ -2,7 +2,7 @@ require 'open_food_network/scope_variants_for_search'
 
 module Spree
   module Admin
-    class VariantsController < ResourceController
+    class VariantsController < ::Admin::ResourceController
       helper 'spree/products'
 
       belongs_to 'spree/product', find_by: :permalink
@@ -23,7 +23,9 @@ module Spree
           flash[:success] = flash_message_for(@object, :successfully_updated)
           redirect_to spree.admin_product_variants_url(params[:product_id], @url_filters)
         else
-          redirect_to spree.edit_admin_product_variant_url(params[:product_id], @object, @url_filters)
+          redirect_to spree.edit_admin_product_variant_url(params[:product_id],
+                                                           @object,
+                                                           @url_filters)
         end
       end
 

app/controllers/spree/admin/zones_controller.rb

@@ -1,6 +1,6 @@
 module Spree
   module Admin
-    class ZonesController < ResourceController
+    class ZonesController < ::Admin::ResourceController
       before_action :load_data, except: [:index]
 
       def new

app/controllers/spree/credit_cards_controller.rb

@@ -1,3 +1,7 @@
+# frozen_string_literal: true
+
+require 'stripe/credit_card_remover'
+
 module Spree
   class CreditCardsController < BaseController
     def new_from_token
@@ -27,6 +31,7 @@ module Spree
       authorize! :update, @credit_card
 
       if @credit_card.update(credit_card_params)
+        remove_shop_authorizations if credit_card_params["is_default"]
         render json: @credit_card, serializer: ::Api::CreditCardSerializer, status: :ok
       else
         update_failed
@@ -39,11 +44,12 @@ module Spree
       @credit_card = Spree::CreditCard.find_by(id: params[:id])
       if @credit_card
         authorize! :destroy, @credit_card
-        destroy_at_stripe
+        Stripe::CreditCardRemover.new(@credit_card).call
       end
 
       # Using try because we may not have a card here
       if @credit_card.try(:destroy)
+        remove_shop_authorizations if @credit_card.is_default
         flash[:success] = I18n.t(:card_has_been_removed, number: "x-#{@credit_card.last_digits}")
       else
         flash[:error] = I18n.t(:card_could_not_be_removed)
@@ -56,18 +62,8 @@ module Spree
 
     private
 
-    # It destroys the whole customer object
-    def destroy_at_stripe
-      stripe_customer = Stripe::Customer.retrieve(@credit_card.gateway_customer_profile_id, {})
-
-      stripe_customer&.delete
-    end
-
-    def stripe_account_id
-      StripeAccount.
-        find_by(enterprise_id: @credit_card.payment_method.preferred_enterprise_id).
-        andand.
-        stripe_user_id
+    def remove_shop_authorizations
+      @credit_card.user.customers.update_all(allow_charges: false)
     end
 
     def create_customer(token)

app/controllers/spree/orders_controller.rb

@@ -1,6 +1,3 @@
-require 'spree/core/controller_helpers/order'
-require 'spree/core/controller_helpers/auth'
-
 module Spree
   class OrdersController < Spree::StoreController
     include OrderCyclesHelper

app/controllers/spree/paypal_controller_decorator.rb

@@ -1,6 +1,8 @@
 # frozen_string_literal: true
 
 Spree::PaypalController.class_eval do
+  include OrderStockCheck
+
   before_action :enable_embedded_shopfront
   before_action :destroy_orphaned_paypal_payments, only: :confirm
   after_action :reset_order_when_complete, only: :confirm
@@ -40,6 +42,9 @@ Spree::PaypalController.class_eval do
     begin
       pp_response = provider.set_express_checkout(pp_request)
       if pp_response.success?
+        # At this point Paypal has *provisionally* accepted that the payment can now be placed,
+        # and the user will be redirected to a Paypal payment page. On completion, the user is
+        # sent back and the response is handled in the #confirm action in this controller.
         redirect_to provider.express_checkout_url(pp_response, useraction: 'commit')
       else
         flash[:error] = Spree.t('flash.generic_error', scope: 'paypal', reasons: pp_response.errors.map(&:long_message).join(" "))
@@ -51,6 +56,32 @@ Spree::PaypalController.class_eval do
     end
   end
 
+  def confirm
+    @order = current_order || raise(ActiveRecord::RecordNotFound)
+
+    # At this point the user has come back from the Paypal form, and we get one
+    # last chance to interact with the payment process before the money moves...
+    return reset_to_cart unless sufficient_stock?
+
+    @order.payments.create!({
+      source: Spree::PaypalExpressCheckout.create({
+        token: params[:token],
+        payer_id: params[:PayerID]
+      }),
+      amount: @order.total,
+      payment_method: payment_method
+    })
+    @order.next
+    if @order.complete?
+      flash.notice = Spree.t(:order_processed_successfully)
+      flash[:commerce_tracking] = "nothing special"
+      session[:order_id] = nil
+      redirect_to completion_route(@order)
+    else
+      redirect_to checkout_state_path(@order.state)
+    end
+  end
+
   def cancel
     flash[:notice] = Spree.t('flash.cancel', scope: 'paypal')
     redirect_to main_app.checkout_path
@@ -66,6 +97,10 @@ Spree::PaypalController.class_eval do
 
   private
 
+  def payment_method
+    @payment_method ||= Spree::PaymentMethod.find(params[:payment_method_id])
+  end
+
   def permit_parameters!
     params.permit(:token, :payment_method_id, :PayerID)
   end
@@ -79,6 +114,11 @@ Spree::PaypalController.class_eval do
     end
   end
 
+  def reset_to_cart
+    OrderCheckoutRestart.new(@order).call
+    handle_insufficient_stock
+  end
+
   # See #1074 and #1837 for more detail on why we need this
   # An 'orphaned' Spree::Payment is created for every call to CheckoutController#update
   # for orders that are processed using a Spree::Gateway::PayPalExpress payment method

app/controllers/spree/user_registrations_controller.rb

@@ -18,26 +18,6 @@ module Spree
     before_action :check_permissions, only: [:edit, :update]
     skip_before_action :require_no_authentication
 
-    # GET /resource/sign_up
-    def new
-      super
-      @user = resource
-    end
-
-    # POST /resource/sign_up
-    def create
-      @user = build_resource(params[:spree_user])
-      if resource.save
-        set_flash_message(:notice, :signed_up)
-        sign_in(:spree_user, @user)
-        associate_user
-        respond_with resource, location: after_sign_up_path_for(resource)
-      else
-        clean_up_passwords(resource)
-        render :new
-      end
-    end
-
     # GET /resource/edit
     def edit
       super

app/helpers/admin/injection_helper.rb

@@ -130,10 +130,6 @@ module Admin
                                                             json: @hub_permissions.to_json }
     end
 
-    def admin_inject_products
-      admin_inject_json_ams_array "ofn.admin", "products", @products, Api::Admin::ProductSerializer
-    end
-
     def admin_inject_tax_categories(opts = { module: 'ofn.admin' })
       admin_inject_json_ams_array opts[:module],
                                   "tax_categories",

app/helpers/application_helper.rb

@@ -1,6 +1,6 @@
 module ApplicationHelper
-  def feature?(feature)
-    OpenFoodNetwork::FeatureToggle.enabled? feature
+  def feature?(feature, user = nil)
+    OpenFoodNetwork::FeatureToggle.enabled?(feature, user)
   end
 
   def ng_form_for(name, *args, &block)

app/helpers/checkout_helper.rb

@@ -18,7 +18,9 @@ module CheckoutHelper
     enterprise_fee_adjustments = adjustments.select { |a| a.originator_type == 'EnterpriseFee' && a.source_type != 'Spree::LineItem' }
     adjustments.reject! { |a| a.originator_type == 'EnterpriseFee' && a.source_type != 'Spree::LineItem' }
     unless exclude.include? :admin_and_handling
-      adjustments << Spree::Adjustment.new(label: I18n.t(:orders_form_admin), amount: enterprise_fee_adjustments.sum(&:amount))
+      adjustments << Spree::Adjustment.new(
+        label: I18n.t(:orders_form_admin), amount: enterprise_fee_adjustments.map(&:amount).sum
+      )
     end
 
     adjustments
@@ -26,7 +28,7 @@ module CheckoutHelper
 
   def display_checkout_admin_and_handling_adjustments_total_for(order)
     adjustments = order.adjustments.eligible.where('originator_type = ? AND source_type != ? ', 'EnterpriseFee', 'Spree::LineItem')
-    Spree::Money.new adjustments.sum(&:amount), currency: order.currency
+    Spree::Money.new adjustments.map(&:amount).sum, currency: order.currency
   end
 
   def checkout_line_item_adjustments(order)
@@ -34,7 +36,7 @@ module CheckoutHelper
   end
 
   def checkout_subtotal(order)
-    order.item_total + checkout_line_item_adjustments(order).sum(&:amount)
+    order.item_total + checkout_line_item_adjustments(order).map(&:amount).sum
   end
 
   def display_checkout_subtotal(order)

app/helpers/html_helper.rb

@@ -1,21 +0,0 @@
-module HtmlHelper
-  def strip_html(html)
-    strip_surrounding_whitespace substitute_entities strip_tags add_linebreaks html
-  end
-
-  def substitute_entities(html)
-    html.andand.gsub(/ /i, ' ').andand.gsub(/&/i, '&')
-  end
-
-  def add_linebreaks(html)
-    # I know Cthulu is coming for me. Forgive me.
-    # http://stackoverflow.com/a/1732454/2720566
-    html.
-      andand.gsub(%r{</h[^>]>|</p>|</div>}, "\\1\n\n").
-      andand.gsub(/<br[^>]*>/, "\\1\n")
-  end
-
-  def strip_surrounding_whitespace(html)
-    html.andand.strip
-  end
-end

app/helpers/spree/reports_helper.rb

@@ -1,4 +1,4 @@
-require 'spree/money_decorator'
+require 'spree/money'
 
 module Spree
   module ReportsHelper

app/jobs/bulk_invoice_job.rb

@@ -0,0 +1,25 @@
+# frozen_string_literal: true
+
+class BulkInvoiceJob < ActiveJob::Base
+  def perform(order_ids, filepath)
+    pdf = CombinePDF.new
+
+    orders_from(order_ids).each do |order|
+      invoice = renderer.render_to_string(order)
+
+      pdf << CombinePDF.parse(invoice)
+    end
+
+    pdf.save filepath
+  end
+
+  private
+
+  def orders_from(order_ids)
+    Spree::Order.where(id: order_ids).order("completed_at DESC")
+  end
+
+  def renderer
+    @renderer ||= InvoiceRenderer.new
+  end
+end

app/jobs/confirm_order_job.rb

@@ -1,5 +1,7 @@
-ConfirmOrderJob = Struct.new(:order_id) do
-  def perform
+# frozen_string_literal: true
+
+class ConfirmOrderJob < ActiveJob::Base
+  def perform(order_id)
     Spree::OrderMailer.confirm_email_for_customer(order_id).deliver
     Spree::OrderMailer.confirm_email_for_shop(order_id).deliver
   end

app/jobs/confirm_signup_job.rb

@@ -1,5 +1,7 @@
-ConfirmSignupJob = Struct.new(:user_id) do
-  def perform
+# frozen_string_literal: true
+
+class ConfirmSignupJob < ActiveJob::Base
+  def perform(user_id)
     user = Spree::User.find user_id
     Spree::UserMailer.signup_confirmation(user).deliver
   end

app/jobs/order_cycle_notification_job.rb

@@ -1,6 +1,8 @@
+# frozen_string_literal: true
+
 # Delivers an email with a report of the order cycle to each of its suppliers
-OrderCycleNotificationJob = Struct.new(:order_cycle_id) do
-  def perform
+class OrderCycleNotificationJob < ActiveJob::Base
+  def perform(order_cycle_id)
     order_cycle = OrderCycle.find(order_cycle_id)
     order_cycle.suppliers.each do |supplier|
       ProducerMailer.order_cycle_report(supplier, order_cycle).deliver

app/jobs/subscription_confirm_job.rb

@@ -62,7 +62,7 @@ class SubscriptionConfirmJob
     return unless order.payment_required?
 
     prepare_for_payment!(order)
-    order.process_payments!
+    order.process_payments_offline!
     raise if order.errors.any?
   end
 

app/jobs/welcome_enterprise_job.rb

@@ -1,5 +1,7 @@
-WelcomeEnterpriseJob = Struct.new(:enterprise_id) do
-  def perform
+# frozen_string_literal: true
+
+class WelcomeEnterpriseJob < ActiveJob::Base
+  def perform(enterprise_id)
     enterprise = Enterprise.find enterprise_id
     EnterpriseMailer.welcome(enterprise).deliver
   end

app/mailers/spree/order_mailer.rb

@@ -2,7 +2,6 @@
 
 module Spree
   class OrderMailer < BaseMailer
-    helper HtmlHelper
     helper ::CheckoutHelper
     helper SpreeCurrencyHelper
     helper Spree::Admin::PaymentsHelper

app/models/concerns/api_action_caching.rb

@@ -9,7 +9,7 @@ module ApiActionCaching
   included do
     include ActionController::Caching
     include ActionController::Caching::Actions
-    include AbstractController::Layouts
+    include ActionView::Layouts
 
     # These configs are not assigned to the controller automatically with ActionController::Metal
     self.cache_store = Rails.configuration.cache_store

app/models/customer.rb

@@ -25,6 +25,9 @@ class Customer < ActiveRecord::Base
 
   before_create :associate_user
 
+  attr_accessor :gateway_recurring_payment_client_secret
+  attr_accessor :gateway_shop_id
+
   private
 
   def downcase_email

app/models/enterprise.rb

@@ -132,7 +132,7 @@ class Enterprise < ActiveRecord::Base
       where(nil)
     end
   }
-  scope :is_primary_producer, -> { where(is_primary_producer: true) }
+  scope :is_primary_producer, -> { where("enterprises.is_primary_producer IS TRUE") }
   scope :is_distributor, -> { where('sells != ?', 'none') }
   scope :is_hub, -> { where(sells: 'any') }
   scope :supplying_variant_in, lambda { |variants|
@@ -400,7 +400,7 @@ class Enterprise < ActiveRecord::Base
   end
 
   def send_welcome_email
-    Delayed::Job.enqueue WelcomeEnterpriseJob.new(id)
+    WelcomeEnterpriseJob.perform_later(id)
   end
 
   def strip_url(url)

app/models/enterprise_group.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require 'open_food_network/locking'
 require 'open_food_network/permalink_generator'
 require 'spree/core/s3_support'
@@ -66,10 +68,10 @@ class EnterpriseGroup < ActiveRecord::Base
   def unset_undefined_address_fields
     return if address.blank?
 
-    address.phone.sub!(/^#{I18n.t(:undefined)}$/, '')
-    address.address1.sub!(/^#{I18n.t(:undefined)}$/, '')
-    address.city.sub!(/^#{I18n.t(:undefined)}$/, '')
-    address.zipcode.sub!(/^#{I18n.t(:undefined)}$/, '')
+    address.phone = address.phone.sub(/^#{I18n.t(:undefined)}$/, '')
+    address.address1 = address.address1.sub(/^#{I18n.t(:undefined)}$/, '')
+    address.city = address.city.sub(/^#{I18n.t(:undefined)}$/, '')
+    address.zipcode = address.zipcode.sub(/^#{I18n.t(:undefined)}$/, '')
   end
 
   def to_param

app/models/spree/adjustment.rb

@@ -86,18 +86,10 @@ module Spree
     # Update the boolean _eligible_ attribute which determines which adjustments
     # count towards the order's adjustment_total.
     def set_eligibility
-      result = mandatory || (amount != 0 && eligible_for_originator?)
+      result = mandatory || amount != 0
       update_column(:eligible, result)
     end
 
-    # Allow originator of the adjustment to perform an additional eligibility of the adjustment
-    # Should return _true_ if originator is absent or doesn't implement _eligible?_
-    def eligible_for_originator?
-      return true if originator.nil?
-
-      !originator.respond_to?(:eligible?) || originator.eligible?(source)
-    end
-
     # Update both the eligibility and amount of the adjustment. Adjustments
     # delegate updating of amount to their Originator when present, but only if
     # +locked+ is false. Adjustments that are +locked+ will never change their amount.

app/models/spree/gateway/stripe_connect.rb

@@ -31,6 +31,10 @@ module Spree
         failed_activemerchant_billing_response(e.message)
       end
 
+      def charge_offline(money, creditcard, gateway_options)
+        purchase(money, creditcard, gateway_options)
+      end
+
       # NOTE: the name of this method is determined by Spree::Payment::Processing
       def void(response_code, _creditcard, gateway_options)
         gateway_options[:stripe_account] = stripe_account_id

app/models/spree/gateway/stripe_sca.rb

@@ -45,11 +45,21 @@ module Spree
         failed_activemerchant_billing_response(e.message)
       end
 
+      # NOTE: the name of this method is determined by Spree::Payment::Processing
+      def charge_offline(money, creditcard, gateway_options)
+        customer, payment_method =
+          Stripe::CreditCardCloner.new(creditcard, stripe_account_id).find_or_clone
+
+        options = basic_options(gateway_options).merge(customer: customer, off_session: true)
+        provider.purchase(money, payment_method, options)
+      rescue Stripe::StripeError => e
+        failed_activemerchant_billing_response(e.message)
+      end
+
       # NOTE: the name of this method is determined by Spree::Payment::Processing
       def authorize(money, creditcard, gateway_options)
-        authorize_response = provider.authorize(*options_for_authorize(money,
-                                                                       creditcard,
-                                                                       gateway_options))
+        authorize_response =
+          provider.authorize(*options_for_authorize(money, creditcard, gateway_options))
         Stripe::AuthorizeResponsePatcher.new(authorize_response).call!
       rescue Stripe::StripeError => e
         failed_activemerchant_billing_response(e.message)
@@ -61,7 +71,7 @@ module Spree
         payment_intent_response = Stripe::PaymentIntent.retrieve(payment_intent_id,
                                                                  stripe_account: stripe_account_id)
         gateway_options[:stripe_account] = stripe_account_id
-        provider.refund(payment_intent_response.amount_received, response_code, gateway_options)
+        provider.refund(refundable_amount(payment_intent_response), response_code, gateway_options)
       end
 
       # NOTE: the name of this method is determined by Spree::Payment::Processing
@@ -79,6 +89,11 @@ module Spree
 
       private
 
+      def refundable_amount(payment_intent_response)
+        payment_intent_response.amount_received -
+          payment_intent_response.charges.data.map(&:amount_refunded).sum
+      end
+
       # In this gateway, what we call 'secret_key' is the 'login'
       def options
         options = super
@@ -97,8 +112,8 @@ module Spree
         options = basic_options(gateway_options)
         options[:return_url] = full_checkout_path
 
-        customer_id, payment_method_id = Stripe::CreditCardCloner.new.clone(creditcard,
-                                                                            stripe_account_id)
+        customer_id, payment_method_id =
+          Stripe::CreditCardCloner.new(creditcard, stripe_account_id).find_or_clone
         options[:customer] = customer_id
         [money, payment_method_id, options]
       end

app/models/spree/image.rb

@@ -34,14 +34,24 @@ module Spree
     end
 
     def find_dimensions
-      temporary = attachment.queued_for_write[:original]
-      filename = temporary.path unless temporary.nil?
-      filename = attachment.path if filename.blank?
-      geometry = Paperclip::Geometry.from_file(filename)
+      return if attachment.errors.present?
+
+      geometry = Paperclip::Geometry.from_file(local_filename_of_original)
+
       self.attachment_width  = geometry.width
       self.attachment_height = geometry.height
     end
 
+    def local_filename_of_original
+      temporary = attachment.queued_for_write[:original]
+
+      if temporary&.path.present?
+        temporary.path
+      else
+        attachment.path
+      end
+    end
+
     # if there are errors from the plugin, then add a more meaningful message
     def no_attachment_errors
       return if attachment.errors.empty?

app/models/spree/line_item.rb

@@ -178,7 +178,7 @@ module Spree
     end
 
     def included_tax
-      adjustments.included_tax.sum(&:included_tax)
+      adjustments.included_tax.sum(:included_tax)
     end
 
     def tax_rates